Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2008-1232
Vulnerability from cvelistv5
Published
2008-08-04 01:00
Modified
2024-08-07 08:17
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T08:17:34.270Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1020622", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1020622", }, { name: "oval:org.mitre.oval:def:5985", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://tomcat.apache.org/security-4.html", }, { name: "RHSA-2008:0862", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0862.html", }, { name: "ADV-2009-1609", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/1609", }, { name: "ADV-2009-2194", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/2194", }, { name: "34013", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/34013", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx", }, { name: "ADV-2008-2823", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2823", }, { name: "37460", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/37460", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/security/advisories/VMSA-2009-0002.html", }, { name: "31982", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31982", }, { name: "31681", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/31681", }, { name: "32120", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32120", }, { name: "oval:org.mitre.oval:def:11181", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", }, { name: "33999", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33999", }, { name: "30496", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/30496", }, { name: "31865", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31865", }, { name: "4098", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/4098", }, { name: "FEDORA-2008-8130", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095", }, { name: "31639", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31639", }, { name: "SUSE-SR:2008:018", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html", }, { name: "36108", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/36108", }, { name: "MDVSA-2008:188", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188", }, { name: "31379", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31379", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm", }, { name: "ADV-2009-0320", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/0320", }, { name: "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/507985/100/0/threaded", }, { name: "RHSA-2008:0864", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0864.html", }, { name: "SUSE-SR:2009:004", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://tomcat.apache.org/security-6.html", }, { name: "57126", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/57126", }, { name: "32222", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32222", }, { name: "31891", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31891", }, { name: "33797", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/33797", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500", }, { name: "20090806 CA20090806-02: Security Notice for Unicenter Asset Portfolio Management, Unicenter Desktop and Server Management, Unicenter Patch Management", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/505556/100/0/threaded", }, { name: "FEDORA-2008-7977", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html", }, { name: "ADV-2008-2305", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2305", }, { name: "FEDORA-2008-8113", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html", }, { name: "20090616 CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/504351/100/0/threaded", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://tomcat.apache.org/security-5.html", }, { name: "35474", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/35474", }, { name: "ADV-2008-2780", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/2780", }, { name: "31381", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/31381", }, { name: "HPSBUX02401", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=123376588623823&w=2", }, { name: "HPSBST02955", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=139344343412337&w=2", }, { name: "APPLE-SA-2008-10-09", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.apple.com/kb/HT3216", }, { name: "ADV-2009-0503", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/0503", }, { name: "ADV-2009-3316", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/3316", }, { name: "SSRT090005", tags: [ "vendor-advisory", "x_refsource_HP", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=123376588623823&w=2", }, { name: "tomcat-httpservletresponse-xss(44155)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44155", }, { name: "20080801 [CVE-2008-1232] Apache Tomcat XSS vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/495021/100/0/threaded", }, { name: "32266", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32266", }, { name: "RHSA-2008:0648", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0648.html", }, { name: "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-08-01T00:00:00", descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-02-13T16:08:36", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "1020622", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1020622", }, { name: "oval:org.mitre.oval:def:5985", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://tomcat.apache.org/security-4.html", }, { name: "RHSA-2008:0862", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0862.html", }, { name: "ADV-2009-1609", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/1609", }, { name: "ADV-2009-2194", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/2194", }, { name: "34013", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/34013", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx", }, { name: "ADV-2008-2823", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2823", }, { name: "37460", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/37460", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/security/advisories/VMSA-2009-0002.html", }, { name: "31982", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31982", }, { name: "31681", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/31681", }, { name: "32120", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32120", }, { name: "oval:org.mitre.oval:def:11181", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", }, { name: "33999", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33999", }, { name: "30496", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/30496", }, { name: "31865", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31865", }, { name: "4098", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/4098", }, { name: "FEDORA-2008-8130", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095", }, { name: "31639", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31639", }, { name: "SUSE-SR:2008:018", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html", }, { name: "36108", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/36108", }, { name: "MDVSA-2008:188", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188", }, { name: "31379", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31379", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm", }, { name: "ADV-2009-0320", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/0320", }, { name: "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/507985/100/0/threaded", }, { name: "RHSA-2008:0864", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0864.html", }, { name: "SUSE-SR:2009:004", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://tomcat.apache.org/security-6.html", }, { name: "57126", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/57126", }, { name: "32222", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32222", }, { name: "31891", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31891", }, { name: "33797", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/33797", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500", }, { name: "20090806 CA20090806-02: Security Notice for Unicenter Asset Portfolio Management, Unicenter Desktop and Server Management, Unicenter Patch Management", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/505556/100/0/threaded", }, { name: "FEDORA-2008-7977", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html", }, { name: "ADV-2008-2305", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2305", }, { name: "FEDORA-2008-8113", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html", }, { name: "20090616 CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/504351/100/0/threaded", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://tomcat.apache.org/security-5.html", }, { name: "35474", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/35474", }, { name: "ADV-2008-2780", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/2780", }, { name: "31381", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/31381", }, { name: "HPSBUX02401", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=123376588623823&w=2", }, { name: "HPSBST02955", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=139344343412337&w=2", }, { name: "APPLE-SA-2008-10-09", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.apple.com/kb/HT3216", }, { name: "ADV-2009-0503", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/0503", }, { name: "ADV-2009-3316", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/3316", }, { name: "SSRT090005", tags: [ "vendor-advisory", "x_refsource_HP", ], url: "http://marc.info/?l=bugtraq&m=123376588623823&w=2", }, { name: "tomcat-httpservletresponse-xss(44155)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44155", }, { name: "20080801 [CVE-2008-1232] Apache Tomcat XSS vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/495021/100/0/threaded", }, { name: "32266", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32266", }, { name: "RHSA-2008:0648", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0648.html", }, { name: "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", }, { name: "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2008-1232", datePublished: "2008-08-04T01:00:00", dateReserved: "2008-03-10T00:00:00", dateUpdated: "2024-08-07T08:17:34.270Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2008-1232\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2008-08-04T01:41:00.000\",\"lastModified\":\"2024-11-21T00:44:00.730\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Apache Tomcat 4.1.0 hasta la 4.1.37, 5.5.0 hasta la 5.5.26 y 6.0.0 hasta la 6.0.16, permite a atacantes remotos inyectar arbitrariamente secuencias de comandos web o HTML a través de una cadena manipulada usada en el argumento message del método HttpServletResponse.sendError.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.1.0\",\"versionEndIncluding\":\"4.1.37\",\"matchCriteriaId\":\"458FD040-A592-486C-A20B-4EADDEF11548\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5.0\",\"versionEndIncluding\":\"5.5.26\",\"matchCriteriaId\":\"23442E8F-FB06-4198-91A3-B98DD56124D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.0.16\",\"matchCriteriaId\":\"AC0B6510-25D7-406A-B6F2-25AB6C3EBB67\"}]}]}],\"references\":[{\"url\":\"http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq&m=123376588623823&w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq&m=123376588623823&w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq&m=139344343412337&w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/31379\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/31381\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/31639\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/31865\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/31891\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/31982\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/32120\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/32222\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/32266\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/33797\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/33999\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/34013\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/35474\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/36108\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/37460\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/57126\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://securityreason.com/securityalert/4098\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT3216\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-4.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-5.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-6.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:188\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0648.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0862.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0864.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/495021/100/0/threaded\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/504351/100/0/threaded\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/505556/100/0/threaded\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/507985/100/0/threaded\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/30496\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/31681\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1020622\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2009-0002.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2009-0016.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2305\",\"source\":\"secalert@redhat.com\",\"tags\":[\"URL Repurposed\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2780\",\"source\":\"secalert@redhat.com\",\"tags\":[\"URL Repurposed\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2823\",\"source\":\"secalert@redhat.com\",\"tags\":[\"URL Repurposed\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/0320\",\"source\":\"secalert@redhat.com\",\"tags\":[\"URL Repurposed\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/0503\",\"source\":\"secalert@redhat.com\",\"tags\":[\"URL Repurposed\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1609\",\"source\":\"secalert@redhat.com\",\"tags\":[\"URL Repurposed\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/2194\",\"source\":\"secalert@redhat.com\",\"tags\":[\"URL Repurposed\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/3316\",\"source\":\"secalert@redhat.com\",\"tags\":[\"URL Repurposed\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/44155\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Tool Signature\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Tool Signature\"]},{\"url\":\"https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq&m=123376588623823&w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq&m=123376588623823&w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=bugtraq&m=139344343412337&w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/31379\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/31381\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/31639\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/31865\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/31891\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/31982\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/32120\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/32222\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/32266\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/33797\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/33999\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/34013\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/35474\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/36108\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/37460\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/57126\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://securityreason.com/securityalert/4098\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT3216\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-4.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-5.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-6.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:188\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0648.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0862.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0864.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/495021/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/504351/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/505556/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/507985/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/30496\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/31681\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1020622\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2009-0002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2009-0016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2305\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"URL Repurposed\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2780\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"URL Repurposed\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/2823\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"URL Repurposed\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/0320\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"URL Repurposed\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/0503\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"URL Repurposed\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/1609\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"URL Repurposed\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/2194\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"URL Repurposed\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/3316\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"URL Repurposed\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/44155\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Tool Signature\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Tool Signature\"]},{\"url\":\"https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}", }, }
RHSA-2010:0602
Vulnerability from csaf_redhat
Published
2010-08-04 21:30
Modified
2024-12-15 18:14
Summary
Red Hat Security Advisory: Red Hat Certificate System 7.3 security update
Notes
Topic
Updated packages that fix multiple security issues and rebase various
components are now available for Red Hat Certificate System 7.3.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat Certificate System (RHCS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
Multiple buffer overflow flaws were discovered in the way the pcscd daemon,
a resource manager that coordinates communications with smart card readers
and smart cards connected to the system, handled client requests. A local
user could create a specially-crafted request that would cause the pcscd
daemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,
CVE-2009-4901)
This erratum updates the Tomcat component shipped as part of Red Hat
Certificate System to version 5.5.23, to address multiple security issues.
In a typical operating environment, Tomcat is not exposed to users of
Certificate System in a vulnerable manner. These security updates will
reduce risk in unique Certificate System environments. (CVE-2005-2090,
CVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,
CVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,
CVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)
This erratum provides updated versions of the following components,
required by the updated Tomcat version: ant, avalon-logkit, axis,
classpathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,
log4j, mx4j, xerces-j2, and xml-commons.
A number of components have been updated to fix security issues for users
of Red Hat Certificate System for the Solaris operating system. These fixes
are for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,
CVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues
CVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,
CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,
CVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and
CVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116
and CVE-2008-1927.
Note: Updated apr, apr-util, httpd, mod_perl, and perl packages were
previously available to users of Red Hat Certificate System for Red Hat
Enterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat
Network.
Additionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,
rhpki-java-tools, and rhpki-native-tools packages were updated to address
some anomalous behavior on the Solaris operating system. (BZ#600513,
BZ#605760)
As well, this update provides an updated rhpki-manage package, which
includes installation and uninstall scripts for Red Hat Certificate System
that have been updated with the list of packages required by the Tomcat
component, and an updated dependency on the NSS and NSPR packages.
All users of Red Hat Certificate System are advised to upgrade to these
updated packages, which correct these issues. Refer to the Red Hat
Certificate System Administration Guide, linked to in the References, for
details on how to install the updated packages on the Solaris operating
system. After installing this update, all Red Hat Certificate System
subsystems must be restarted ("/etc/init.d/[instance-name] restart") for
the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated packages that fix multiple security issues and rebase various\ncomponents are now available for Red Hat Certificate System 7.3.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Certificate System (RHCS) is an enterprise software system designed\nto manage enterprise Public Key Infrastructure (PKI) deployments.\n\nMultiple buffer overflow flaws were discovered in the way the pcscd daemon,\na resource manager that coordinates communications with smart card readers\nand smart cards connected to the system, handled client requests. A local\nuser could create a specially-crafted request that would cause the pcscd\ndaemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,\nCVE-2009-4901)\n\nThis erratum updates the Tomcat component shipped as part of Red Hat\nCertificate System to version 5.5.23, to address multiple security issues.\nIn a typical operating environment, Tomcat is not exposed to users of\nCertificate System in a vulnerable manner. These security updates will\nreduce risk in unique Certificate System environments. (CVE-2005-2090,\nCVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,\nCVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,\nCVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)\n\nThis erratum provides updated versions of the following components,\nrequired by the updated Tomcat version: ant, avalon-logkit, axis,\nclasspathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,\nlog4j, mx4j, xerces-j2, and xml-commons.\n\nA number of components have been updated to fix security issues for users\nof Red Hat Certificate System for the Solaris operating system. These fixes\nare for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,\nCVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues\nCVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,\nCVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,\nCVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and\nCVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116\nand CVE-2008-1927.\n\nNote: Updated apr, apr-util, httpd, mod_perl, and perl packages were\npreviously available to users of Red Hat Certificate System for Red Hat\nEnterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat\nNetwork.\n\nAdditionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,\nrhpki-java-tools, and rhpki-native-tools packages were updated to address\nsome anomalous behavior on the Solaris operating system. (BZ#600513,\nBZ#605760)\n\nAs well, this update provides an updated rhpki-manage package, which\nincludes installation and uninstall scripts for Red Hat Certificate System\nthat have been updated with the list of packages required by the Tomcat\ncomponent, and an updated dependency on the NSS and NSPR packages.\n\nAll users of Red Hat Certificate System are advised to upgrade to these\nupdated packages, which correct these issues. Refer to the Red Hat\nCertificate System Administration Guide, linked to in the References, for\ndetails on how to install the updated packages on the Solaris operating\nsystem. After installing this update, all Red Hat Certificate System\nsubsystems must be restarted (\"/etc/init.d/[instance-name] restart\") for\nthe update to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2010:0602", url: "https://access.redhat.com/errata/RHSA-2010:0602", }, { category: "external", summary: "http://www.redhat.com/security/updates/classification/#moderate", url: "http://www.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html", url: "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html", }, { category: "external", summary: "200732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=200732", }, { category: "external", summary: "237079", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237079", }, { category: "external", summary: "237080", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237080", }, { category: "external", summary: "237084", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237084", }, { category: "external", summary: "237085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237085", }, { category: "external", summary: "240423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=240423", }, { category: "external", summary: "244658", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244658", }, { category: "external", summary: "244803", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244803", }, { category: "external", summary: "245111", url: "https://bugzilla.redhat.com/show_bug.cgi?id=245111", }, { category: "external", summary: "245112", url: "https://bugzilla.redhat.com/show_bug.cgi?id=245112", }, { category: "external", summary: "247972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=247972", }, { category: "external", summary: "247976", url: "https://bugzilla.redhat.com/show_bug.cgi?id=247976", }, { category: "external", summary: "250731", url: "https://bugzilla.redhat.com/show_bug.cgi?id=250731", }, { category: "external", summary: "289511", url: "https://bugzilla.redhat.com/show_bug.cgi?id=289511", }, { category: "external", summary: "323571", url: "https://bugzilla.redhat.com/show_bug.cgi?id=323571", }, { category: "external", summary: "333791", url: "https://bugzilla.redhat.com/show_bug.cgi?id=333791", }, { category: "external", summary: "419931", url: "https://bugzilla.redhat.com/show_bug.cgi?id=419931", }, { category: "external", summary: "427228", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427228", }, { category: "external", summary: "427739", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427739", }, { category: "external", summary: "427766", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427766", }, { category: "external", summary: "429821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=429821", }, { category: "external", summary: "443928", url: "https://bugzilla.redhat.com/show_bug.cgi?id=443928", }, { category: "external", summary: "451615", url: "https://bugzilla.redhat.com/show_bug.cgi?id=451615", }, { category: "external", summary: "457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "458250", url: "https://bugzilla.redhat.com/show_bug.cgi?id=458250", }, { category: "external", summary: "493381", url: "https://bugzilla.redhat.com/show_bug.cgi?id=493381", }, { category: "external", summary: "503928", url: "https://bugzilla.redhat.com/show_bug.cgi?id=503928", }, { category: "external", summary: "503978", url: "https://bugzilla.redhat.com/show_bug.cgi?id=503978", }, { category: "external", summary: "504390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504390", }, { category: "external", summary: "504555", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504555", }, { category: "external", summary: "504753", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504753", }, { category: "external", summary: "509125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=509125", }, { category: "external", summary: "515698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=515698", }, { category: "external", summary: "521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "570171", url: "https://bugzilla.redhat.com/show_bug.cgi?id=570171", }, { category: "external", summary: "596426", url: "https://bugzilla.redhat.com/show_bug.cgi?id=596426", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0602.json", }, ], title: "Red Hat Security Advisory: Red Hat Certificate System 7.3 security update", tracking: { current_release_date: "2024-12-15T18:14:44+00:00", generator: { date: "2024-12-15T18:14:44+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2010:0602", initial_release_date: "2010-08-04T21:30:00+00:00", revision_history: [ { date: "2010-08-04T21:30:00+00:00", number: "1", summary: "Initial version", }, { date: "2010-08-05T10:04:51+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-15T18:14:44+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Certificate System 7.3 for 4AS", product: { name: "Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3", product_identification_helper: { cpe: "cpe:/a:redhat:certificate_system:7.3", }, }, }, { category: "product_name", name: "Red Hat Certificate System 7.3 for 4ES", product: { name: "Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3", product_identification_helper: { cpe: "cpe:/a:redhat:certificate_system:7.3", }, }, }, ], category: "product_family", name: "Red Hat Certificate System", }, { branches: [ { category: "product_version", name: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", product: { name: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", product_id: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/xml-commons-apis@1.3.02-2jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "xml-commons-0:1.3.02-2jpp_1rh.noarch", product: { name: "xml-commons-0:1.3.02-2jpp_1rh.noarch", product_id: "xml-commons-0:1.3.02-2jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", product: { name: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", product_id: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "ant-0:1.6.5-1jpp_1rh.noarch", product: { name: "ant-0:1.6.5-1jpp_1rh.noarch", product_id: "ant-0:1.6.5-1jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "avalon-logkit-0:1.2-2jpp_4rh.noarch", product: { name: "avalon-logkit-0:1.2-2jpp_4rh.noarch", product_id: "avalon-logkit-0:1.2-2jpp_4rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=noarch", }, }, }, { category: "product_version", name: "axis-0:1.2.1-1jpp_3rh.noarch", product: { name: "axis-0:1.2.1-1jpp_3rh.noarch", product_id: "axis-0:1.2.1-1jpp_3rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=noarch", }, }, }, { category: "product_version", name: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", product: { name: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", product_id: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=noarch", }, }, }, { category: "product_version", name: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", product: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", product_id: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=noarch", }, }, }, { category: "product_version", name: "log4j-0:1.2.12-1jpp_1rh.noarch", product: { name: "log4j-0:1.2.12-1jpp_1rh.noarch", product_id: "log4j-0:1.2.12-1jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "mx4j-1:3.0.1-1jpp_4rh.noarch", product: { name: "mx4j-1:3.0.1-1jpp_4rh.noarch", product_id: "mx4j-1:3.0.1-1jpp_4rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", product: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", product_id: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-manage-0:7.3.0-19.el4.noarch", product: { name: "rhpki-manage-0:7.3.0-19.el4.noarch", product_id: "rhpki-manage-0:7.3.0-19.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-manage@7.3.0-19.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-ca-0:7.3.0-20.el4.noarch", product: { name: "rhpki-ca-0:7.3.0-20.el4.noarch", product_id: "rhpki-ca-0:7.3.0-20.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-ca@7.3.0-20.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-kra-0:7.3.0-14.el4.noarch", product: { name: "rhpki-kra-0:7.3.0-14.el4.noarch", product_id: "rhpki-kra-0:7.3.0-14.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-kra@7.3.0-14.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-tks-0:7.3.0-13.el4.noarch", product: { name: "rhpki-tks-0:7.3.0-13.el4.noarch", product_id: "rhpki-tks-0:7.3.0-13.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-tks@7.3.0-13.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-ocsp-0:7.3.0-13.el4.noarch", product: { name: "rhpki-ocsp-0:7.3.0-13.el4.noarch", product_id: "rhpki-ocsp-0:7.3.0-13.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-ocsp@7.3.0-13.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-java-tools-0:7.3.0-10.el4.noarch", product: { name: "rhpki-java-tools-0:7.3.0-10.el4.noarch", product_id: "rhpki-java-tools-0:7.3.0-10.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-java-tools@7.3.0-10.el4?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-jms-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-jta-1.0.1B-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-j2ee-deployment-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-ejb-2.1-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-servlet-2.4-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-specs-javadoc@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-j2ee-1.4-apis@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-j2ee-connector-1.5-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-jsp-2.0-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-j2ee-management-1.0-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "xml-commons-0:1.3.02-2jpp_1rh.src", product: { name: "xml-commons-0:1.3.02-2jpp_1rh.src", product_id: "xml-commons-0:1.3.02-2jpp_1rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=src", }, }, }, { category: "product_version", name: "xerces-j2-0:2.7.1-1jpp_1rh.src", product: { name: "xerces-j2-0:2.7.1-1jpp_1rh.src", product_id: "xerces-j2-0:2.7.1-1jpp_1rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=src", }, }, }, { category: "product_version", name: "ant-0:1.6.5-1jpp_1rh.src", product: { name: "ant-0:1.6.5-1jpp_1rh.src", product_id: "ant-0:1.6.5-1jpp_1rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=src", }, }, }, { category: "product_version", name: "avalon-logkit-0:1.2-2jpp_4rh.src", product: { name: "avalon-logkit-0:1.2-2jpp_4rh.src", product_id: "avalon-logkit-0:1.2-2jpp_4rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=src", }, }, }, { category: "product_version", name: "axis-0:1.2.1-1jpp_3rh.src", product: { name: "axis-0:1.2.1-1jpp_3rh.src", product_id: "axis-0:1.2.1-1jpp_3rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=src", }, }, }, { category: "product_version", name: "classpathx-jaf-0:1.0-2jpp_6rh.src", product: { name: "classpathx-jaf-0:1.0-2jpp_6rh.src", product_id: "classpathx-jaf-0:1.0-2jpp_6rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=src", }, }, }, { category: "product_version", name: "classpathx-mail-0:1.1.1-2jpp_8rh.src", product: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.src", product_id: "classpathx-mail-0:1.1.1-2jpp_8rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=src", }, }, }, { category: "product_version", name: "log4j-0:1.2.12-1jpp_1rh.src", product: { name: "log4j-0:1.2.12-1jpp_1rh.src", product_id: "log4j-0:1.2.12-1jpp_1rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=src", }, }, }, { category: "product_version", name: "mx4j-1:3.0.1-1jpp_4rh.src", product: { name: "mx4j-1:3.0.1-1jpp_4rh.src", product_id: "mx4j-1:3.0.1-1jpp_4rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", product: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", product_id: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=src", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp_4rh.16.src", product: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.src", product_id: "tomcat5-0:5.5.23-0jpp_4rh.16.src", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=src", }, }, }, { category: "product_version", name: "pcsc-lite-0:1.3.3-3.el4.src", product: { name: "pcsc-lite-0:1.3.3-3.el4.src", product_id: "pcsc-lite-0:1.3.3-3.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=src", }, }, }, { category: "product_version", name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", product: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", product_id: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", product: { name: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", product_id: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=x86_64", }, }, }, { category: "product_version", name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", product: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", product_id: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=x86_64", }, }, }, { category: "product_version", name: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", product: { name: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", product_id: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=x86_64", }, }, }, { category: "product_version", name: "pcsc-lite-0:1.3.3-3.el4.x86_64", product: { name: "pcsc-lite-0:1.3.3-3.el4.x86_64", product_id: "pcsc-lite-0:1.3.3-3.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=x86_64", }, }, }, { category: "product_version", name: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", product: { name: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", product_id: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "rhpki-native-tools-0:7.3.0-6.el4.i386", product: { name: "rhpki-native-tools-0:7.3.0-6.el4.i386", product_id: "rhpki-native-tools-0:7.3.0-6.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=i386", }, }, }, { category: "product_version", name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", product: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", product_id: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=i386", }, }, }, { category: "product_version", name: "pcsc-lite-doc-0:1.3.3-3.el4.i386", product: { name: "pcsc-lite-doc-0:1.3.3-3.el4.i386", product_id: "pcsc-lite-doc-0:1.3.3-3.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=i386", }, }, }, { category: "product_version", name: "pcsc-lite-0:1.3.3-3.el4.i386", product: { name: "pcsc-lite-0:1.3.3-3.el4.i386", product_id: "pcsc-lite-0:1.3.3-3.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=i386", }, }, }, { category: "product_version", name: "pcsc-lite-libs-0:1.3.3-3.el4.i386", product: { name: "pcsc-lite-libs-0:1.3.3-3.el4.i386", product_id: "pcsc-lite-libs-0:1.3.3-3.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", }, product_reference: "ant-0:1.6.5-1jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", }, product_reference: "ant-0:1.6.5-1jpp_1rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", }, product_reference: "avalon-logkit-0:1.2-2jpp_4rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", }, product_reference: "avalon-logkit-0:1.2-2jpp_4rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", }, product_reference: "axis-0:1.2.1-1jpp_3rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", }, product_reference: "axis-0:1.2.1-1jpp_3rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", }, product_reference: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", }, product_reference: "classpathx-jaf-0:1.0-2jpp_6rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", }, product_reference: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", }, product_reference: "classpathx-mail-0:1.1.1-2jpp_8rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", }, product_reference: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", }, product_reference: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", }, product_reference: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", }, product_reference: "log4j-0:1.2.12-1jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", }, product_reference: "log4j-0:1.2.12-1jpp_1rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", }, product_reference: "mx4j-1:3.0.1-1jpp_4rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", }, product_reference: "mx4j-1:3.0.1-1jpp_4rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-doc-0:1.3.3-3.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-libs-0:1.3.3-3.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", }, product_reference: "rhpki-ca-0:7.3.0-20.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", }, product_reference: "rhpki-java-tools-0:7.3.0-10.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", }, product_reference: "rhpki-kra-0:7.3.0-14.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", }, product_reference: "rhpki-manage-0:7.3.0-19.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", }, product_reference: "rhpki-native-tools-0:7.3.0-6.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", }, product_reference: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", }, product_reference: "rhpki-ocsp-0:7.3.0-13.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", }, product_reference: "rhpki-tks-0:7.3.0-13.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.16.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", }, product_reference: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", }, product_reference: "xerces-j2-0:2.7.1-1jpp_1rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", }, product_reference: "xml-commons-0:1.3.02-2jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", }, product_reference: "xml-commons-0:1.3.02-2jpp_1rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", }, product_reference: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", }, product_reference: "ant-0:1.6.5-1jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", }, product_reference: "ant-0:1.6.5-1jpp_1rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", }, product_reference: "avalon-logkit-0:1.2-2jpp_4rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", }, product_reference: "avalon-logkit-0:1.2-2jpp_4rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", }, product_reference: "axis-0:1.2.1-1jpp_3rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", }, product_reference: "axis-0:1.2.1-1jpp_3rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", }, product_reference: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", }, product_reference: "classpathx-jaf-0:1.0-2jpp_6rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", }, product_reference: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", }, product_reference: "classpathx-mail-0:1.1.1-2jpp_8rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", }, product_reference: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", }, product_reference: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", }, product_reference: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", }, product_reference: "log4j-0:1.2.12-1jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", }, product_reference: "log4j-0:1.2.12-1jpp_1rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", }, product_reference: "mx4j-1:3.0.1-1jpp_4rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", }, product_reference: "mx4j-1:3.0.1-1jpp_4rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-doc-0:1.3.3-3.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-libs-0:1.3.3-3.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", }, product_reference: "rhpki-ca-0:7.3.0-20.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", }, product_reference: "rhpki-java-tools-0:7.3.0-10.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", }, product_reference: "rhpki-kra-0:7.3.0-14.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", }, product_reference: "rhpki-manage-0:7.3.0-19.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", }, product_reference: "rhpki-native-tools-0:7.3.0-6.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", }, product_reference: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", }, product_reference: "rhpki-ocsp-0:7.3.0-13.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", }, product_reference: "rhpki-tks-0:7.3.0-13.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.16.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", }, product_reference: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", }, product_reference: "xerces-j2-0:2.7.1-1jpp_1rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", }, product_reference: "xml-commons-0:1.3.02-2jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", }, product_reference: "xml-commons-0:1.3.02-2jpp_1rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", }, product_reference: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, ], }, vulnerabilities: [ { cve: "CVE-2005-2090", discovery_date: "2005-06-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "237079", }, ], notes: [ { category: "description", text: "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\"", title: "Vulnerability description", }, { category: "summary", text: "tomcat multiple content-length header poisioning", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2005-2090", }, { category: "external", summary: "RHBZ#237079", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237079", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2005-2090", url: "https://www.cve.org/CVERecord?id=CVE-2005-2090", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2005-2090", url: "https://nvd.nist.gov/vuln/detail/CVE-2005-2090", }, ], release_date: "2005-06-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat multiple content-length header poisioning", }, { cve: "CVE-2005-3510", discovery_date: "2005-11-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "237085", }, ], notes: [ { category: "description", text: "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.", title: "Vulnerability description", }, { category: "summary", text: "tomcat DoS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2005-3510", }, { category: "external", summary: "RHBZ#237085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2005-3510", url: "https://www.cve.org/CVERecord?id=CVE-2005-3510", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2005-3510", url: "https://nvd.nist.gov/vuln/detail/CVE-2005-3510", }, ], release_date: "2005-11-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat DoS", }, { cve: "CVE-2006-3835", discovery_date: "2006-07-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "237084", }, ], notes: [ { category: "description", text: "Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.", title: "Vulnerability description", }, { category: "summary", text: "tomcat directory listing issue", title: "Vulnerability summary", }, { category: "other", text: "This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled.\n\nDetails on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing", title: "Statement", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2006-3835", }, { category: "external", summary: "RHBZ#237084", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237084", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2006-3835", url: "https://www.cve.org/CVERecord?id=CVE-2006-3835", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2006-3835", url: "https://nvd.nist.gov/vuln/detail/CVE-2006-3835", }, ], release_date: "2006-07-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat directory listing issue", }, { cve: "CVE-2006-3918", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2006-07-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "200732", }, ], notes: [ { category: "description", text: "http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.", title: "Vulnerability description", }, { category: "summary", text: "httpd: Expect header XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2006-3918", }, { category: "external", summary: "RHBZ#200732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=200732", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2006-3918", url: "https://www.cve.org/CVERecord?id=CVE-2006-3918", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2006-3918", url: "https://nvd.nist.gov/vuln/detail/CVE-2006-3918", }, ], release_date: "2006-05-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: Expect header XSS", }, { cve: "CVE-2006-5752", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-06-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "245112", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform \"charset detection\" when the content-type is not specified.", title: "Vulnerability description", }, { category: "summary", text: "httpd mod_status XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2006-5752", }, { category: "external", summary: "RHBZ#245112", url: "https://bugzilla.redhat.com/show_bug.cgi?id=245112", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2006-5752", url: "https://www.cve.org/CVERecord?id=CVE-2006-5752", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2006-5752", url: "https://nvd.nist.gov/vuln/detail/CVE-2006-5752", }, ], release_date: "2007-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd mod_status XSS", }, { cve: "CVE-2007-0450", discovery_date: "2007-03-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "237080", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.", title: "Vulnerability description", }, { category: "summary", text: "tomcat directory traversal", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-0450", }, { category: "external", summary: "RHBZ#237080", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237080", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-0450", url: "https://www.cve.org/CVERecord?id=CVE-2007-0450", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-0450", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-0450", }, ], release_date: "2007-03-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat directory traversal", }, { cve: "CVE-2007-1349", discovery_date: "2007-05-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "240423", }, ], notes: [ { category: "description", text: "PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.", title: "Vulnerability description", }, { category: "summary", text: "mod_perl PerlRun denial of service", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-1349", }, { category: "external", summary: "RHBZ#240423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=240423", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-1349", url: "https://www.cve.org/CVERecord?id=CVE-2007-1349", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-1349", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-1349", }, ], release_date: "2007-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "mod_perl PerlRun denial of service", }, { cve: "CVE-2007-1358", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-04-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "244803", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".", title: "Vulnerability description", }, { category: "summary", text: "tomcat accept-language xss flaw", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-1358", }, { category: "external", summary: "RHBZ#244803", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244803", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-1358", url: "https://www.cve.org/CVERecord?id=CVE-2007-1358", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-1358", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-1358", }, ], release_date: "2007-06-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat accept-language xss flaw", }, { cve: "CVE-2007-1863", discovery_date: "2007-05-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "244658", }, ], notes: [ { category: "description", text: "cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.", title: "Vulnerability description", }, { category: "summary", text: "httpd mod_cache segfault", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-1863", }, { category: "external", summary: "RHBZ#244658", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244658", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-1863", url: "https://www.cve.org/CVERecord?id=CVE-2007-1863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-1863", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-1863", }, ], release_date: "2007-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd mod_cache segfault", }, { cve: "CVE-2007-3304", discovery_date: "2007-06-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "245111", }, ], notes: [ { category: "description", text: "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"", title: "Vulnerability description", }, { category: "summary", text: "httpd scoreboard lack of PID protection", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-3304", }, { category: "external", summary: "RHBZ#245111", url: "https://bugzilla.redhat.com/show_bug.cgi?id=245111", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-3304", url: "https://www.cve.org/CVERecord?id=CVE-2007-3304", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-3304", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-3304", }, ], release_date: "2007-06-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd scoreboard lack of PID protection", }, { cve: "CVE-2007-3382", discovery_date: "2007-07-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "247972", }, ], notes: [ { category: "description", text: "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (\"'\") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.", title: "Vulnerability description", }, { category: "summary", text: "tomcat handling of cookies", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-3382", }, { category: "external", summary: "RHBZ#247972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=247972", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-3382", url: "https://www.cve.org/CVERecord?id=CVE-2007-3382", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-3382", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-3382", }, ], release_date: "2007-08-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat handling of cookies", }, { cve: "CVE-2007-3385", discovery_date: "2007-07-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "247976", }, ], notes: [ { category: "description", text: "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \\\" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.", title: "Vulnerability description", }, { category: "summary", text: "tomcat handling of cookie values", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-3385", }, { category: "external", summary: "RHBZ#247976", url: "https://bugzilla.redhat.com/show_bug.cgi?id=247976", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-3385", url: "https://www.cve.org/CVERecord?id=CVE-2007-3385", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-3385", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-3385", }, ], release_date: "2007-08-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat handling of cookie values", }, { cve: "CVE-2007-3847", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2007-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "250731", }, ], notes: [ { category: "description", text: "The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.", title: "Vulnerability description", }, { category: "summary", text: "httpd: out of bounds read", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-3847", }, { category: "external", summary: "RHBZ#250731", url: "https://bugzilla.redhat.com/show_bug.cgi?id=250731", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-3847", url: "https://www.cve.org/CVERecord?id=CVE-2007-3847", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-3847", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-3847", }, ], release_date: "2007-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: out of bounds read", }, { cve: "CVE-2007-4465", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-09-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "289511", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.", title: "Vulnerability description", }, { category: "summary", text: "mod_autoindex XSS", title: "Vulnerability summary", }, { category: "other", text: "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \"AddDefaultCharset\" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", title: "Statement", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-4465", }, { category: "external", summary: "RHBZ#289511", url: "https://bugzilla.redhat.com/show_bug.cgi?id=289511", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-4465", url: "https://www.cve.org/CVERecord?id=CVE-2007-4465", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-4465", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-4465", }, ], release_date: "2007-09-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mod_autoindex XSS", }, { cve: "CVE-2007-5000", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-12-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "419931", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_imagemap XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5000", }, { category: "external", summary: "RHBZ#419931", url: "https://bugzilla.redhat.com/show_bug.cgi?id=419931", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5000", url: "https://www.cve.org/CVERecord?id=CVE-2007-5000", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5000", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5000", }, ], release_date: "2007-12-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_imagemap XSS", }, { acknowledgments: [ { names: [ "Tavis Ormandy", "Will Drewry", ], }, ], cve: "CVE-2007-5116", discovery_date: "2007-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "323571", }, ], notes: [ { category: "description", text: "Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.", title: "Vulnerability description", }, { category: "summary", text: "perl regular expression UTF parsing errors", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5116", }, { category: "external", summary: "RHBZ#323571", url: "https://bugzilla.redhat.com/show_bug.cgi?id=323571", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5116", url: "https://www.cve.org/CVERecord?id=CVE-2007-5116", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5116", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5116", }, ], release_date: "2007-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "perl regular expression UTF parsing errors", }, { cve: "CVE-2007-5333", discovery_date: "2008-01-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "427766", }, ], notes: [ { category: "description", text: "Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.", title: "Vulnerability description", }, { category: "summary", text: "Improve cookie parsing for tomcat5", title: "Vulnerability summary", }, { category: "other", text: "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", title: "Statement", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5333", }, { category: "external", summary: "RHBZ#427766", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427766", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5333", url: "https://www.cve.org/CVERecord?id=CVE-2007-5333", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5333", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5333", }, ], release_date: "2008-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Improve cookie parsing for tomcat5", }, { cve: "CVE-2007-5461", discovery_date: "2007-10-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "333791", }, ], notes: [ { category: "description", text: "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.", title: "Vulnerability description", }, { category: "summary", text: "Absolute path traversal Apache Tomcat WEBDAV", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5461", }, { category: "external", summary: "RHBZ#333791", url: "https://bugzilla.redhat.com/show_bug.cgi?id=333791", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5461", url: "https://www.cve.org/CVERecord?id=CVE-2007-5461", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", }, ], release_date: "2007-10-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Absolute path traversal Apache Tomcat WEBDAV", }, { cve: "CVE-2007-6388", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "427228", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "apache mod_status cross-site scripting", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-6388", }, { category: "external", summary: "RHBZ#427228", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427228", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-6388", url: "https://www.cve.org/CVERecord?id=CVE-2007-6388", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-6388", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-6388", }, ], release_date: "2007-12-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache mod_status cross-site scripting", }, { cve: "CVE-2008-0005", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "427739", }, ], notes: [ { category: "description", text: "mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.", title: "Vulnerability description", }, { category: "summary", text: "mod_proxy_ftp XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-0005", }, { category: "external", summary: "RHBZ#427739", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427739", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-0005", url: "https://www.cve.org/CVERecord?id=CVE-2008-0005", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-0005", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-0005", }, ], release_date: "2008-01-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mod_proxy_ftp XSS", }, { cve: "CVE-2008-0128", discovery_date: "2008-01-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "429821", }, ], notes: [ { category: "description", text: "The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.", title: "Vulnerability description", }, { category: "summary", text: "tomcat5 SSO cookie login information disclosure", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-0128", }, { category: "external", summary: "RHBZ#429821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=429821", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-0128", url: "https://www.cve.org/CVERecord?id=CVE-2008-0128", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-0128", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-0128", }, ], release_date: "2006-12-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat5 SSO cookie login information disclosure", }, { cve: "CVE-2008-1232", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457597", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Cross-Site-Scripting enabled by sendError call", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1232", }, { category: "external", summary: "RHBZ#457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1232", url: "https://www.cve.org/CVERecord?id=CVE-2008-1232", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: Cross-Site-Scripting enabled by sendError call", }, { cve: "CVE-2008-1927", discovery_date: "2008-04-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "443928", }, ], notes: [ { category: "description", text: "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.", title: "Vulnerability description", }, { category: "summary", text: "perl: heap corruption by regular expressions with utf8 characters", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1927", }, { category: "external", summary: "RHBZ#443928", url: "https://bugzilla.redhat.com/show_bug.cgi?id=443928", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1927", url: "https://www.cve.org/CVERecord?id=CVE-2008-1927", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1927", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1927", }, ], release_date: "2007-12-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "perl: heap corruption by regular expressions with utf8 characters", }, { cve: "CVE-2008-2364", discovery_date: "2008-05-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "451615", }, ], notes: [ { category: "description", text: "The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_http DoS via excessive interim responses from the origin server", title: "Vulnerability summary", }, { category: "other", text: "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2364\n\nThe Red Hat Product Security has rated this issue as having moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/", title: "Statement", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2364", }, { category: "external", summary: "RHBZ#451615", url: "https://bugzilla.redhat.com/show_bug.cgi?id=451615", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2364", url: "https://www.cve.org/CVERecord?id=CVE-2008-2364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2364", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2364", }, ], release_date: "2008-06-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: mod_proxy_http DoS via excessive interim responses from the origin server", }, { cve: "CVE-2008-2370", discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457934", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", title: "Vulnerability description", }, { category: "summary", text: "tomcat RequestDispatcher information disclosure vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2370", }, { category: "external", summary: "RHBZ#457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2370", url: "https://www.cve.org/CVERecord?id=CVE-2008-2370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat RequestDispatcher information disclosure vulnerability", }, { cve: "CVE-2008-2939", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-08-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "458250", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_ftp globbing XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2939", }, { category: "external", summary: "RHBZ#458250", url: "https://bugzilla.redhat.com/show_bug.cgi?id=458250", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2939", url: "https://www.cve.org/CVERecord?id=CVE-2008-2939", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2939", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2939", }, ], release_date: "2008-08-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_proxy_ftp globbing XSS", }, { cve: "CVE-2008-5515", discovery_date: "2009-06-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "504753", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.", title: "Vulnerability description", }, { category: "summary", text: "tomcat request dispatcher information disclosure vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-5515", }, { category: "external", summary: "RHBZ#504753", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504753", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-5515", url: "https://www.cve.org/CVERecord?id=CVE-2008-5515", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-5515", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-5515", }, ], release_date: "2009-06-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat request dispatcher information disclosure vulnerability", }, { cve: "CVE-2009-0023", discovery_date: "2009-06-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "503928", }, ], notes: [ { category: "description", text: "The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.", title: "Vulnerability description", }, { category: "summary", text: "apr-util heap buffer underwrite", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-0023", }, { category: "external", summary: "RHBZ#503928", url: "https://bugzilla.redhat.com/show_bug.cgi?id=503928", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-0023", url: "https://www.cve.org/CVERecord?id=CVE-2009-0023", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-0023", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-0023", }, ], release_date: "2009-06-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr-util heap buffer underwrite", }, { cve: "CVE-2009-0033", discovery_date: "2009-01-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "493381", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.", title: "Vulnerability description", }, { category: "summary", text: "tomcat6 Denial-Of-Service with AJP connection", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-0033", }, { category: "external", summary: "RHBZ#493381", url: "https://bugzilla.redhat.com/show_bug.cgi?id=493381", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-0033", url: "https://www.cve.org/CVERecord?id=CVE-2009-0033", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-0033", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-0033", }, ], release_date: "2009-06-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat6 Denial-Of-Service with AJP connection", }, { cve: "CVE-2009-0580", discovery_date: "2009-06-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "503978", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.", title: "Vulnerability description", }, { category: "summary", text: "tomcat6 Information disclosure in authentication classes", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-0580", }, { category: "external", summary: "RHBZ#503978", url: "https://bugzilla.redhat.com/show_bug.cgi?id=503978", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-0580", url: "https://www.cve.org/CVERecord?id=CVE-2009-0580", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-0580", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-0580", }, ], release_date: "2009-06-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat6 Information disclosure in authentication classes", }, { cve: "CVE-2009-1891", discovery_date: "2009-06-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "509125", }, ], notes: [ { category: "description", text: "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).", title: "Vulnerability description", }, { category: "summary", text: "httpd: possible temporary DoS (CPU consumption) in mod_deflate", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-1891", }, { category: "external", summary: "RHBZ#509125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=509125", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-1891", url: "https://www.cve.org/CVERecord?id=CVE-2009-1891", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-1891", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-1891", }, ], release_date: "2009-06-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: possible temporary DoS (CPU consumption) in mod_deflate", }, { cve: "CVE-2009-1955", discovery_date: "2009-06-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "504555", }, ], notes: [ { category: "description", text: "The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.", title: "Vulnerability description", }, { category: "summary", text: "apr-util billion laughs attack", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-1955", }, { category: "external", summary: "RHBZ#504555", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504555", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-1955", url: "https://www.cve.org/CVERecord?id=CVE-2009-1955", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-1955", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-1955", }, ], release_date: "2009-06-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr-util billion laughs attack", }, { cve: "CVE-2009-1956", discovery_date: "2009-06-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "504390", }, ], notes: [ { category: "description", text: "Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.", title: "Vulnerability description", }, { category: "summary", text: "apr-util single NULL byte buffer overflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-1956", }, { category: "external", summary: "RHBZ#504390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504390", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-1956", url: "https://www.cve.org/CVERecord?id=CVE-2009-1956", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-1956", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-1956", }, ], release_date: "2009-04-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr-util single NULL byte buffer overflow", }, { cve: "CVE-2009-2412", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2009-07-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "515698", }, ], notes: [ { category: "description", text: "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.", title: "Vulnerability description", }, { category: "summary", text: "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-2412", }, { category: "external", summary: "RHBZ#515698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=515698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-2412", url: "https://www.cve.org/CVERecord?id=CVE-2009-2412", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-2412", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-2412", }, ], release_date: "2009-08-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management", }, { cve: "CVE-2009-3094", discovery_date: "2009-09-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "521619", }, ], notes: [ { category: "description", text: "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.", title: "Vulnerability description", }, { category: "summary", text: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3094", }, { category: "external", summary: "RHBZ#521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3094", url: "https://www.cve.org/CVERecord?id=CVE-2009-3094", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", }, ], release_date: "2009-09-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", }, { cve: "CVE-2009-3095", discovery_date: "2009-09-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "522209", }, ], notes: [ { category: "description", text: "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3095", }, { category: "external", summary: "RHBZ#522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3095", url: "https://www.cve.org/CVERecord?id=CVE-2009-3095", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", }, ], release_date: "2009-09-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", }, { cve: "CVE-2009-4901", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, discovery_date: "2010-05-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "596426", }, ], notes: [ { category: "description", text: "The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.", title: "Vulnerability description", }, { category: "summary", text: "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-4901", }, { category: "external", summary: "RHBZ#596426", url: "https://bugzilla.redhat.com/show_bug.cgi?id=596426", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-4901", url: "https://www.cve.org/CVERecord?id=CVE-2009-4901", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-4901", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-4901", }, ], release_date: "2010-06-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages", }, { cve: "CVE-2010-0407", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, discovery_date: "2010-05-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "596426", }, ], notes: [ { category: "description", text: "Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.", title: "Vulnerability description", }, { category: "summary", text: "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2010-0407", }, { category: "external", summary: "RHBZ#596426", url: "https://bugzilla.redhat.com/show_bug.cgi?id=596426", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2010-0407", url: "https://www.cve.org/CVERecord?id=CVE-2010-0407", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2010-0407", url: "https://nvd.nist.gov/vuln/detail/CVE-2010-0407", }, ], release_date: "2010-06-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages", }, { cve: "CVE-2010-0434", discovery_date: "2010-03-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "570171", }, ], notes: [ { category: "description", text: "The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.", title: "Vulnerability description", }, { category: "summary", text: "httpd: request header information leak", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2010-0434", }, { category: "external", summary: "RHBZ#570171", url: "https://bugzilla.redhat.com/show_bug.cgi?id=570171", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2010-0434", url: "https://www.cve.org/CVERecord?id=CVE-2010-0434", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2010-0434", url: "https://nvd.nist.gov/vuln/detail/CVE-2010-0434", }, ], release_date: "2009-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: request header information leak", }, ], }
rhsa-2010_0602
Vulnerability from csaf_redhat
Published
2010-08-04 21:30
Modified
2024-12-15 18:14
Summary
Red Hat Security Advisory: Red Hat Certificate System 7.3 security update
Notes
Topic
Updated packages that fix multiple security issues and rebase various
components are now available for Red Hat Certificate System 7.3.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat Certificate System (RHCS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
Multiple buffer overflow flaws were discovered in the way the pcscd daemon,
a resource manager that coordinates communications with smart card readers
and smart cards connected to the system, handled client requests. A local
user could create a specially-crafted request that would cause the pcscd
daemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,
CVE-2009-4901)
This erratum updates the Tomcat component shipped as part of Red Hat
Certificate System to version 5.5.23, to address multiple security issues.
In a typical operating environment, Tomcat is not exposed to users of
Certificate System in a vulnerable manner. These security updates will
reduce risk in unique Certificate System environments. (CVE-2005-2090,
CVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,
CVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,
CVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)
This erratum provides updated versions of the following components,
required by the updated Tomcat version: ant, avalon-logkit, axis,
classpathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,
log4j, mx4j, xerces-j2, and xml-commons.
A number of components have been updated to fix security issues for users
of Red Hat Certificate System for the Solaris operating system. These fixes
are for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,
CVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues
CVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,
CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,
CVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and
CVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116
and CVE-2008-1927.
Note: Updated apr, apr-util, httpd, mod_perl, and perl packages were
previously available to users of Red Hat Certificate System for Red Hat
Enterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat
Network.
Additionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,
rhpki-java-tools, and rhpki-native-tools packages were updated to address
some anomalous behavior on the Solaris operating system. (BZ#600513,
BZ#605760)
As well, this update provides an updated rhpki-manage package, which
includes installation and uninstall scripts for Red Hat Certificate System
that have been updated with the list of packages required by the Tomcat
component, and an updated dependency on the NSS and NSPR packages.
All users of Red Hat Certificate System are advised to upgrade to these
updated packages, which correct these issues. Refer to the Red Hat
Certificate System Administration Guide, linked to in the References, for
details on how to install the updated packages on the Solaris operating
system. After installing this update, all Red Hat Certificate System
subsystems must be restarted ("/etc/init.d/[instance-name] restart") for
the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated packages that fix multiple security issues and rebase various\ncomponents are now available for Red Hat Certificate System 7.3.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Certificate System (RHCS) is an enterprise software system designed\nto manage enterprise Public Key Infrastructure (PKI) deployments.\n\nMultiple buffer overflow flaws were discovered in the way the pcscd daemon,\na resource manager that coordinates communications with smart card readers\nand smart cards connected to the system, handled client requests. A local\nuser could create a specially-crafted request that would cause the pcscd\ndaemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,\nCVE-2009-4901)\n\nThis erratum updates the Tomcat component shipped as part of Red Hat\nCertificate System to version 5.5.23, to address multiple security issues.\nIn a typical operating environment, Tomcat is not exposed to users of\nCertificate System in a vulnerable manner. These security updates will\nreduce risk in unique Certificate System environments. (CVE-2005-2090,\nCVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,\nCVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,\nCVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)\n\nThis erratum provides updated versions of the following components,\nrequired by the updated Tomcat version: ant, avalon-logkit, axis,\nclasspathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,\nlog4j, mx4j, xerces-j2, and xml-commons.\n\nA number of components have been updated to fix security issues for users\nof Red Hat Certificate System for the Solaris operating system. These fixes\nare for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,\nCVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues\nCVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,\nCVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,\nCVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and\nCVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116\nand CVE-2008-1927.\n\nNote: Updated apr, apr-util, httpd, mod_perl, and perl packages were\npreviously available to users of Red Hat Certificate System for Red Hat\nEnterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat\nNetwork.\n\nAdditionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,\nrhpki-java-tools, and rhpki-native-tools packages were updated to address\nsome anomalous behavior on the Solaris operating system. (BZ#600513,\nBZ#605760)\n\nAs well, this update provides an updated rhpki-manage package, which\nincludes installation and uninstall scripts for Red Hat Certificate System\nthat have been updated with the list of packages required by the Tomcat\ncomponent, and an updated dependency on the NSS and NSPR packages.\n\nAll users of Red Hat Certificate System are advised to upgrade to these\nupdated packages, which correct these issues. Refer to the Red Hat\nCertificate System Administration Guide, linked to in the References, for\ndetails on how to install the updated packages on the Solaris operating\nsystem. After installing this update, all Red Hat Certificate System\nsubsystems must be restarted (\"/etc/init.d/[instance-name] restart\") for\nthe update to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2010:0602", url: "https://access.redhat.com/errata/RHSA-2010:0602", }, { category: "external", summary: "http://www.redhat.com/security/updates/classification/#moderate", url: "http://www.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html", url: "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html", }, { category: "external", summary: "200732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=200732", }, { category: "external", summary: "237079", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237079", }, { category: "external", summary: "237080", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237080", }, { category: "external", summary: "237084", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237084", }, { category: "external", summary: "237085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237085", }, { category: "external", summary: "240423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=240423", }, { category: "external", summary: "244658", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244658", }, { category: "external", summary: "244803", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244803", }, { category: "external", summary: "245111", url: "https://bugzilla.redhat.com/show_bug.cgi?id=245111", }, { category: "external", summary: "245112", url: "https://bugzilla.redhat.com/show_bug.cgi?id=245112", }, { category: "external", summary: "247972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=247972", }, { category: "external", summary: "247976", url: "https://bugzilla.redhat.com/show_bug.cgi?id=247976", }, { category: "external", summary: "250731", url: "https://bugzilla.redhat.com/show_bug.cgi?id=250731", }, { category: "external", summary: "289511", url: "https://bugzilla.redhat.com/show_bug.cgi?id=289511", }, { category: "external", summary: "323571", url: "https://bugzilla.redhat.com/show_bug.cgi?id=323571", }, { category: "external", summary: "333791", url: "https://bugzilla.redhat.com/show_bug.cgi?id=333791", }, { category: "external", summary: "419931", url: "https://bugzilla.redhat.com/show_bug.cgi?id=419931", }, { category: "external", summary: "427228", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427228", }, { category: "external", summary: "427739", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427739", }, { category: "external", summary: "427766", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427766", }, { category: "external", summary: "429821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=429821", }, { category: "external", summary: "443928", url: "https://bugzilla.redhat.com/show_bug.cgi?id=443928", }, { category: "external", summary: "451615", url: "https://bugzilla.redhat.com/show_bug.cgi?id=451615", }, { category: "external", summary: "457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "458250", url: "https://bugzilla.redhat.com/show_bug.cgi?id=458250", }, { category: "external", summary: "493381", url: "https://bugzilla.redhat.com/show_bug.cgi?id=493381", }, { category: "external", summary: "503928", url: "https://bugzilla.redhat.com/show_bug.cgi?id=503928", }, { category: "external", summary: "503978", url: "https://bugzilla.redhat.com/show_bug.cgi?id=503978", }, { category: "external", summary: "504390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504390", }, { category: "external", summary: "504555", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504555", }, { category: "external", summary: "504753", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504753", }, { category: "external", summary: "509125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=509125", }, { category: "external", summary: "515698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=515698", }, { category: "external", summary: "521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "570171", url: "https://bugzilla.redhat.com/show_bug.cgi?id=570171", }, { category: "external", summary: "596426", url: "https://bugzilla.redhat.com/show_bug.cgi?id=596426", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0602.json", }, ], title: "Red Hat Security Advisory: Red Hat Certificate System 7.3 security update", tracking: { current_release_date: "2024-12-15T18:14:44+00:00", generator: { date: "2024-12-15T18:14:44+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2010:0602", initial_release_date: "2010-08-04T21:30:00+00:00", revision_history: [ { date: "2010-08-04T21:30:00+00:00", number: "1", summary: "Initial version", }, { date: "2010-08-05T10:04:51+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-15T18:14:44+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Certificate System 7.3 for 4AS", product: { name: "Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3", product_identification_helper: { cpe: "cpe:/a:redhat:certificate_system:7.3", }, }, }, { category: "product_name", name: "Red Hat Certificate System 7.3 for 4ES", product: { name: "Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3", product_identification_helper: { cpe: "cpe:/a:redhat:certificate_system:7.3", }, }, }, ], category: "product_family", name: "Red Hat Certificate System", }, { branches: [ { category: "product_version", name: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", product: { name: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", product_id: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/xml-commons-apis@1.3.02-2jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "xml-commons-0:1.3.02-2jpp_1rh.noarch", product: { name: "xml-commons-0:1.3.02-2jpp_1rh.noarch", product_id: "xml-commons-0:1.3.02-2jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", product: { name: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", product_id: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "ant-0:1.6.5-1jpp_1rh.noarch", product: { name: "ant-0:1.6.5-1jpp_1rh.noarch", product_id: "ant-0:1.6.5-1jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "avalon-logkit-0:1.2-2jpp_4rh.noarch", product: { name: "avalon-logkit-0:1.2-2jpp_4rh.noarch", product_id: "avalon-logkit-0:1.2-2jpp_4rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=noarch", }, }, }, { category: "product_version", name: "axis-0:1.2.1-1jpp_3rh.noarch", product: { name: "axis-0:1.2.1-1jpp_3rh.noarch", product_id: "axis-0:1.2.1-1jpp_3rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=noarch", }, }, }, { category: "product_version", name: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", product: { name: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", product_id: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=noarch", }, }, }, { category: "product_version", name: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", product: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", product_id: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=noarch", }, }, }, { category: "product_version", name: "log4j-0:1.2.12-1jpp_1rh.noarch", product: { name: "log4j-0:1.2.12-1jpp_1rh.noarch", product_id: "log4j-0:1.2.12-1jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "mx4j-1:3.0.1-1jpp_4rh.noarch", product: { name: "mx4j-1:3.0.1-1jpp_4rh.noarch", product_id: "mx4j-1:3.0.1-1jpp_4rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", product: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", product_id: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-manage-0:7.3.0-19.el4.noarch", product: { name: "rhpki-manage-0:7.3.0-19.el4.noarch", product_id: "rhpki-manage-0:7.3.0-19.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-manage@7.3.0-19.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-ca-0:7.3.0-20.el4.noarch", product: { name: "rhpki-ca-0:7.3.0-20.el4.noarch", product_id: "rhpki-ca-0:7.3.0-20.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-ca@7.3.0-20.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-kra-0:7.3.0-14.el4.noarch", product: { name: "rhpki-kra-0:7.3.0-14.el4.noarch", product_id: "rhpki-kra-0:7.3.0-14.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-kra@7.3.0-14.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-tks-0:7.3.0-13.el4.noarch", product: { name: "rhpki-tks-0:7.3.0-13.el4.noarch", product_id: "rhpki-tks-0:7.3.0-13.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-tks@7.3.0-13.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-ocsp-0:7.3.0-13.el4.noarch", product: { name: "rhpki-ocsp-0:7.3.0-13.el4.noarch", product_id: "rhpki-ocsp-0:7.3.0-13.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-ocsp@7.3.0-13.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-java-tools-0:7.3.0-10.el4.noarch", product: { name: "rhpki-java-tools-0:7.3.0-10.el4.noarch", product_id: "rhpki-java-tools-0:7.3.0-10.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-java-tools@7.3.0-10.el4?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-jms-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-jta-1.0.1B-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-j2ee-deployment-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-ejb-2.1-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-servlet-2.4-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-specs-javadoc@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-j2ee-1.4-apis@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-j2ee-connector-1.5-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-jsp-2.0-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-j2ee-management-1.0-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "xml-commons-0:1.3.02-2jpp_1rh.src", product: { name: "xml-commons-0:1.3.02-2jpp_1rh.src", product_id: "xml-commons-0:1.3.02-2jpp_1rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=src", }, }, }, { category: "product_version", name: "xerces-j2-0:2.7.1-1jpp_1rh.src", product: { name: "xerces-j2-0:2.7.1-1jpp_1rh.src", product_id: "xerces-j2-0:2.7.1-1jpp_1rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=src", }, }, }, { category: "product_version", name: "ant-0:1.6.5-1jpp_1rh.src", product: { name: "ant-0:1.6.5-1jpp_1rh.src", product_id: "ant-0:1.6.5-1jpp_1rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=src", }, }, }, { category: "product_version", name: "avalon-logkit-0:1.2-2jpp_4rh.src", product: { name: "avalon-logkit-0:1.2-2jpp_4rh.src", product_id: "avalon-logkit-0:1.2-2jpp_4rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=src", }, }, }, { category: "product_version", name: "axis-0:1.2.1-1jpp_3rh.src", product: { name: "axis-0:1.2.1-1jpp_3rh.src", product_id: "axis-0:1.2.1-1jpp_3rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=src", }, }, }, { category: "product_version", name: "classpathx-jaf-0:1.0-2jpp_6rh.src", product: { name: "classpathx-jaf-0:1.0-2jpp_6rh.src", product_id: "classpathx-jaf-0:1.0-2jpp_6rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=src", }, }, }, { category: "product_version", name: "classpathx-mail-0:1.1.1-2jpp_8rh.src", product: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.src", product_id: "classpathx-mail-0:1.1.1-2jpp_8rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=src", }, }, }, { category: "product_version", name: "log4j-0:1.2.12-1jpp_1rh.src", product: { name: "log4j-0:1.2.12-1jpp_1rh.src", product_id: "log4j-0:1.2.12-1jpp_1rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=src", }, }, }, { category: "product_version", name: "mx4j-1:3.0.1-1jpp_4rh.src", product: { name: "mx4j-1:3.0.1-1jpp_4rh.src", product_id: "mx4j-1:3.0.1-1jpp_4rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", product: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", product_id: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=src", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp_4rh.16.src", product: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.src", product_id: "tomcat5-0:5.5.23-0jpp_4rh.16.src", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=src", }, }, }, { category: "product_version", name: "pcsc-lite-0:1.3.3-3.el4.src", product: { name: "pcsc-lite-0:1.3.3-3.el4.src", product_id: "pcsc-lite-0:1.3.3-3.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=src", }, }, }, { category: "product_version", name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", product: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", product_id: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", product: { name: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", product_id: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=x86_64", }, }, }, { category: "product_version", name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", product: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", product_id: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=x86_64", }, }, }, { category: "product_version", name: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", product: { name: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", product_id: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=x86_64", }, }, }, { category: "product_version", name: "pcsc-lite-0:1.3.3-3.el4.x86_64", product: { name: "pcsc-lite-0:1.3.3-3.el4.x86_64", product_id: "pcsc-lite-0:1.3.3-3.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=x86_64", }, }, }, { category: "product_version", name: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", product: { name: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", product_id: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "rhpki-native-tools-0:7.3.0-6.el4.i386", product: { name: "rhpki-native-tools-0:7.3.0-6.el4.i386", product_id: "rhpki-native-tools-0:7.3.0-6.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=i386", }, }, }, { category: "product_version", name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", product: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", product_id: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=i386", }, }, }, { category: "product_version", name: "pcsc-lite-doc-0:1.3.3-3.el4.i386", product: { name: "pcsc-lite-doc-0:1.3.3-3.el4.i386", product_id: "pcsc-lite-doc-0:1.3.3-3.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=i386", }, }, }, { category: "product_version", name: "pcsc-lite-0:1.3.3-3.el4.i386", product: { name: "pcsc-lite-0:1.3.3-3.el4.i386", product_id: "pcsc-lite-0:1.3.3-3.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=i386", }, }, }, { category: "product_version", name: "pcsc-lite-libs-0:1.3.3-3.el4.i386", product: { name: "pcsc-lite-libs-0:1.3.3-3.el4.i386", product_id: "pcsc-lite-libs-0:1.3.3-3.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", }, product_reference: "ant-0:1.6.5-1jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", }, product_reference: "ant-0:1.6.5-1jpp_1rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", }, product_reference: "avalon-logkit-0:1.2-2jpp_4rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", }, product_reference: "avalon-logkit-0:1.2-2jpp_4rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", }, product_reference: "axis-0:1.2.1-1jpp_3rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", }, product_reference: "axis-0:1.2.1-1jpp_3rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", }, product_reference: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", }, product_reference: "classpathx-jaf-0:1.0-2jpp_6rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", }, product_reference: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", }, product_reference: "classpathx-mail-0:1.1.1-2jpp_8rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", }, product_reference: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", }, product_reference: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", }, product_reference: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", }, product_reference: "log4j-0:1.2.12-1jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", }, product_reference: "log4j-0:1.2.12-1jpp_1rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", }, product_reference: "mx4j-1:3.0.1-1jpp_4rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", }, product_reference: "mx4j-1:3.0.1-1jpp_4rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-doc-0:1.3.3-3.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-libs-0:1.3.3-3.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", }, product_reference: "rhpki-ca-0:7.3.0-20.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", }, product_reference: "rhpki-java-tools-0:7.3.0-10.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", }, product_reference: "rhpki-kra-0:7.3.0-14.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", }, product_reference: "rhpki-manage-0:7.3.0-19.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", }, product_reference: "rhpki-native-tools-0:7.3.0-6.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", }, product_reference: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", }, product_reference: "rhpki-ocsp-0:7.3.0-13.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", }, product_reference: "rhpki-tks-0:7.3.0-13.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.16.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", }, product_reference: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", }, product_reference: "xerces-j2-0:2.7.1-1jpp_1rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", }, product_reference: "xml-commons-0:1.3.02-2jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", }, product_reference: "xml-commons-0:1.3.02-2jpp_1rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", }, product_reference: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", }, product_reference: "ant-0:1.6.5-1jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", }, product_reference: "ant-0:1.6.5-1jpp_1rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", }, product_reference: "avalon-logkit-0:1.2-2jpp_4rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", }, product_reference: "avalon-logkit-0:1.2-2jpp_4rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", }, product_reference: "axis-0:1.2.1-1jpp_3rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", }, product_reference: "axis-0:1.2.1-1jpp_3rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", }, product_reference: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", }, product_reference: "classpathx-jaf-0:1.0-2jpp_6rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", }, product_reference: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", }, product_reference: "classpathx-mail-0:1.1.1-2jpp_8rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", }, product_reference: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", }, product_reference: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", }, product_reference: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", }, product_reference: "log4j-0:1.2.12-1jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", }, product_reference: "log4j-0:1.2.12-1jpp_1rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", }, product_reference: "mx4j-1:3.0.1-1jpp_4rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", }, product_reference: "mx4j-1:3.0.1-1jpp_4rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-doc-0:1.3.3-3.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-libs-0:1.3.3-3.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", }, product_reference: "rhpki-ca-0:7.3.0-20.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", }, product_reference: "rhpki-java-tools-0:7.3.0-10.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", }, product_reference: "rhpki-kra-0:7.3.0-14.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", }, product_reference: "rhpki-manage-0:7.3.0-19.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", }, product_reference: "rhpki-native-tools-0:7.3.0-6.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", }, product_reference: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", }, product_reference: "rhpki-ocsp-0:7.3.0-13.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", }, product_reference: "rhpki-tks-0:7.3.0-13.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.16.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", }, product_reference: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", }, product_reference: "xerces-j2-0:2.7.1-1jpp_1rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", }, product_reference: "xml-commons-0:1.3.02-2jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", }, product_reference: "xml-commons-0:1.3.02-2jpp_1rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", }, product_reference: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, ], }, vulnerabilities: [ { cve: "CVE-2005-2090", discovery_date: "2005-06-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "237079", }, ], notes: [ { category: "description", text: "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\"", title: "Vulnerability description", }, { category: "summary", text: "tomcat multiple content-length header poisioning", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2005-2090", }, { category: "external", summary: "RHBZ#237079", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237079", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2005-2090", url: "https://www.cve.org/CVERecord?id=CVE-2005-2090", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2005-2090", url: "https://nvd.nist.gov/vuln/detail/CVE-2005-2090", }, ], release_date: "2005-06-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat multiple content-length header poisioning", }, { cve: "CVE-2005-3510", discovery_date: "2005-11-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "237085", }, ], notes: [ { category: "description", text: "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.", title: "Vulnerability description", }, { category: "summary", text: "tomcat DoS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2005-3510", }, { category: "external", summary: "RHBZ#237085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2005-3510", url: "https://www.cve.org/CVERecord?id=CVE-2005-3510", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2005-3510", url: "https://nvd.nist.gov/vuln/detail/CVE-2005-3510", }, ], release_date: "2005-11-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat DoS", }, { cve: "CVE-2006-3835", discovery_date: "2006-07-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "237084", }, ], notes: [ { category: "description", text: "Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.", title: "Vulnerability description", }, { category: "summary", text: "tomcat directory listing issue", title: "Vulnerability summary", }, { category: "other", text: "This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled.\n\nDetails on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing", title: "Statement", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2006-3835", }, { category: "external", summary: "RHBZ#237084", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237084", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2006-3835", url: "https://www.cve.org/CVERecord?id=CVE-2006-3835", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2006-3835", url: "https://nvd.nist.gov/vuln/detail/CVE-2006-3835", }, ], release_date: "2006-07-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat directory listing issue", }, { cve: "CVE-2006-3918", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2006-07-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "200732", }, ], notes: [ { category: "description", text: "http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.", title: "Vulnerability description", }, { category: "summary", text: "httpd: Expect header XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2006-3918", }, { category: "external", summary: "RHBZ#200732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=200732", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2006-3918", url: "https://www.cve.org/CVERecord?id=CVE-2006-3918", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2006-3918", url: "https://nvd.nist.gov/vuln/detail/CVE-2006-3918", }, ], release_date: "2006-05-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: Expect header XSS", }, { cve: "CVE-2006-5752", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-06-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "245112", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform \"charset detection\" when the content-type is not specified.", title: "Vulnerability description", }, { category: "summary", text: "httpd mod_status XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2006-5752", }, { category: "external", summary: "RHBZ#245112", url: "https://bugzilla.redhat.com/show_bug.cgi?id=245112", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2006-5752", url: "https://www.cve.org/CVERecord?id=CVE-2006-5752", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2006-5752", url: "https://nvd.nist.gov/vuln/detail/CVE-2006-5752", }, ], release_date: "2007-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd mod_status XSS", }, { cve: "CVE-2007-0450", discovery_date: "2007-03-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "237080", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.", title: "Vulnerability description", }, { category: "summary", text: "tomcat directory traversal", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-0450", }, { category: "external", summary: "RHBZ#237080", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237080", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-0450", url: "https://www.cve.org/CVERecord?id=CVE-2007-0450", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-0450", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-0450", }, ], release_date: "2007-03-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat directory traversal", }, { cve: "CVE-2007-1349", discovery_date: "2007-05-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "240423", }, ], notes: [ { category: "description", text: "PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.", title: "Vulnerability description", }, { category: "summary", text: "mod_perl PerlRun denial of service", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-1349", }, { category: "external", summary: "RHBZ#240423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=240423", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-1349", url: "https://www.cve.org/CVERecord?id=CVE-2007-1349", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-1349", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-1349", }, ], release_date: "2007-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "mod_perl PerlRun denial of service", }, { cve: "CVE-2007-1358", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-04-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "244803", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".", title: "Vulnerability description", }, { category: "summary", text: "tomcat accept-language xss flaw", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-1358", }, { category: "external", summary: "RHBZ#244803", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244803", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-1358", url: "https://www.cve.org/CVERecord?id=CVE-2007-1358", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-1358", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-1358", }, ], release_date: "2007-06-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat accept-language xss flaw", }, { cve: "CVE-2007-1863", discovery_date: "2007-05-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "244658", }, ], notes: [ { category: "description", text: "cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.", title: "Vulnerability description", }, { category: "summary", text: "httpd mod_cache segfault", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-1863", }, { category: "external", summary: "RHBZ#244658", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244658", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-1863", url: "https://www.cve.org/CVERecord?id=CVE-2007-1863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-1863", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-1863", }, ], release_date: "2007-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd mod_cache segfault", }, { cve: "CVE-2007-3304", discovery_date: "2007-06-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "245111", }, ], notes: [ { category: "description", text: "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"", title: "Vulnerability description", }, { category: "summary", text: "httpd scoreboard lack of PID protection", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-3304", }, { category: "external", summary: "RHBZ#245111", url: "https://bugzilla.redhat.com/show_bug.cgi?id=245111", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-3304", url: "https://www.cve.org/CVERecord?id=CVE-2007-3304", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-3304", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-3304", }, ], release_date: "2007-06-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd scoreboard lack of PID protection", }, { cve: "CVE-2007-3382", discovery_date: "2007-07-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "247972", }, ], notes: [ { category: "description", text: "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (\"'\") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.", title: "Vulnerability description", }, { category: "summary", text: "tomcat handling of cookies", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-3382", }, { category: "external", summary: "RHBZ#247972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=247972", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-3382", url: "https://www.cve.org/CVERecord?id=CVE-2007-3382", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-3382", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-3382", }, ], release_date: "2007-08-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat handling of cookies", }, { cve: "CVE-2007-3385", discovery_date: "2007-07-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "247976", }, ], notes: [ { category: "description", text: "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \\\" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.", title: "Vulnerability description", }, { category: "summary", text: "tomcat handling of cookie values", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-3385", }, { category: "external", summary: "RHBZ#247976", url: "https://bugzilla.redhat.com/show_bug.cgi?id=247976", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-3385", url: "https://www.cve.org/CVERecord?id=CVE-2007-3385", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-3385", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-3385", }, ], release_date: "2007-08-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat handling of cookie values", }, { cve: "CVE-2007-3847", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2007-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "250731", }, ], notes: [ { category: "description", text: "The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.", title: "Vulnerability description", }, { category: "summary", text: "httpd: out of bounds read", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-3847", }, { category: "external", summary: "RHBZ#250731", url: "https://bugzilla.redhat.com/show_bug.cgi?id=250731", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-3847", url: "https://www.cve.org/CVERecord?id=CVE-2007-3847", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-3847", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-3847", }, ], release_date: "2007-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: out of bounds read", }, { cve: "CVE-2007-4465", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-09-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "289511", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.", title: "Vulnerability description", }, { category: "summary", text: "mod_autoindex XSS", title: "Vulnerability summary", }, { category: "other", text: "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \"AddDefaultCharset\" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", title: "Statement", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-4465", }, { category: "external", summary: "RHBZ#289511", url: "https://bugzilla.redhat.com/show_bug.cgi?id=289511", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-4465", url: "https://www.cve.org/CVERecord?id=CVE-2007-4465", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-4465", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-4465", }, ], release_date: "2007-09-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mod_autoindex XSS", }, { cve: "CVE-2007-5000", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-12-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "419931", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_imagemap XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5000", }, { category: "external", summary: "RHBZ#419931", url: "https://bugzilla.redhat.com/show_bug.cgi?id=419931", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5000", url: "https://www.cve.org/CVERecord?id=CVE-2007-5000", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5000", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5000", }, ], release_date: "2007-12-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_imagemap XSS", }, { acknowledgments: [ { names: [ "Tavis Ormandy", "Will Drewry", ], }, ], cve: "CVE-2007-5116", discovery_date: "2007-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "323571", }, ], notes: [ { category: "description", text: "Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.", title: "Vulnerability description", }, { category: "summary", text: "perl regular expression UTF parsing errors", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5116", }, { category: "external", summary: "RHBZ#323571", url: "https://bugzilla.redhat.com/show_bug.cgi?id=323571", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5116", url: "https://www.cve.org/CVERecord?id=CVE-2007-5116", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5116", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5116", }, ], release_date: "2007-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "perl regular expression UTF parsing errors", }, { cve: "CVE-2007-5333", discovery_date: "2008-01-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "427766", }, ], notes: [ { category: "description", text: "Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.", title: "Vulnerability description", }, { category: "summary", text: "Improve cookie parsing for tomcat5", title: "Vulnerability summary", }, { category: "other", text: "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", title: "Statement", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5333", }, { category: "external", summary: "RHBZ#427766", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427766", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5333", url: "https://www.cve.org/CVERecord?id=CVE-2007-5333", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5333", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5333", }, ], release_date: "2008-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Improve cookie parsing for tomcat5", }, { cve: "CVE-2007-5461", discovery_date: "2007-10-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "333791", }, ], notes: [ { category: "description", text: "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.", title: "Vulnerability description", }, { category: "summary", text: "Absolute path traversal Apache Tomcat WEBDAV", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5461", }, { category: "external", summary: "RHBZ#333791", url: "https://bugzilla.redhat.com/show_bug.cgi?id=333791", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5461", url: "https://www.cve.org/CVERecord?id=CVE-2007-5461", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", }, ], release_date: "2007-10-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Absolute path traversal Apache Tomcat WEBDAV", }, { cve: "CVE-2007-6388", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "427228", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "apache mod_status cross-site scripting", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-6388", }, { category: "external", summary: "RHBZ#427228", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427228", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-6388", url: "https://www.cve.org/CVERecord?id=CVE-2007-6388", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-6388", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-6388", }, ], release_date: "2007-12-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache mod_status cross-site scripting", }, { cve: "CVE-2008-0005", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "427739", }, ], notes: [ { category: "description", text: "mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.", title: "Vulnerability description", }, { category: "summary", text: "mod_proxy_ftp XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-0005", }, { category: "external", summary: "RHBZ#427739", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427739", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-0005", url: "https://www.cve.org/CVERecord?id=CVE-2008-0005", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-0005", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-0005", }, ], release_date: "2008-01-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mod_proxy_ftp XSS", }, { cve: "CVE-2008-0128", discovery_date: "2008-01-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "429821", }, ], notes: [ { category: "description", text: "The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.", title: "Vulnerability description", }, { category: "summary", text: "tomcat5 SSO cookie login information disclosure", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-0128", }, { category: "external", summary: "RHBZ#429821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=429821", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-0128", url: "https://www.cve.org/CVERecord?id=CVE-2008-0128", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-0128", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-0128", }, ], release_date: "2006-12-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat5 SSO cookie login information disclosure", }, { cve: "CVE-2008-1232", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457597", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Cross-Site-Scripting enabled by sendError call", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1232", }, { category: "external", summary: "RHBZ#457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1232", url: "https://www.cve.org/CVERecord?id=CVE-2008-1232", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: Cross-Site-Scripting enabled by sendError call", }, { cve: "CVE-2008-1927", discovery_date: "2008-04-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "443928", }, ], notes: [ { category: "description", text: "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.", title: "Vulnerability description", }, { category: "summary", text: "perl: heap corruption by regular expressions with utf8 characters", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1927", }, { category: "external", summary: "RHBZ#443928", url: "https://bugzilla.redhat.com/show_bug.cgi?id=443928", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1927", url: "https://www.cve.org/CVERecord?id=CVE-2008-1927", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1927", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1927", }, ], release_date: "2007-12-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "perl: heap corruption by regular expressions with utf8 characters", }, { cve: "CVE-2008-2364", discovery_date: "2008-05-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "451615", }, ], notes: [ { category: "description", text: "The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_http DoS via excessive interim responses from the origin server", title: "Vulnerability summary", }, { category: "other", text: "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2364\n\nThe Red Hat Product Security has rated this issue as having moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/", title: "Statement", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2364", }, { category: "external", summary: "RHBZ#451615", url: "https://bugzilla.redhat.com/show_bug.cgi?id=451615", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2364", url: "https://www.cve.org/CVERecord?id=CVE-2008-2364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2364", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2364", }, ], release_date: "2008-06-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: mod_proxy_http DoS via excessive interim responses from the origin server", }, { cve: "CVE-2008-2370", discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457934", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", title: "Vulnerability description", }, { category: "summary", text: "tomcat RequestDispatcher information disclosure vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2370", }, { category: "external", summary: "RHBZ#457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2370", url: "https://www.cve.org/CVERecord?id=CVE-2008-2370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat RequestDispatcher information disclosure vulnerability", }, { cve: "CVE-2008-2939", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-08-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "458250", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_ftp globbing XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2939", }, { category: "external", summary: "RHBZ#458250", url: "https://bugzilla.redhat.com/show_bug.cgi?id=458250", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2939", url: "https://www.cve.org/CVERecord?id=CVE-2008-2939", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2939", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2939", }, ], release_date: "2008-08-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_proxy_ftp globbing XSS", }, { cve: "CVE-2008-5515", discovery_date: "2009-06-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "504753", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.", title: "Vulnerability description", }, { category: "summary", text: "tomcat request dispatcher information disclosure vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-5515", }, { category: "external", summary: "RHBZ#504753", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504753", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-5515", url: "https://www.cve.org/CVERecord?id=CVE-2008-5515", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-5515", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-5515", }, ], release_date: "2009-06-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat request dispatcher information disclosure vulnerability", }, { cve: "CVE-2009-0023", discovery_date: "2009-06-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "503928", }, ], notes: [ { category: "description", text: "The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.", title: "Vulnerability description", }, { category: "summary", text: "apr-util heap buffer underwrite", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-0023", }, { category: "external", summary: "RHBZ#503928", url: "https://bugzilla.redhat.com/show_bug.cgi?id=503928", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-0023", url: "https://www.cve.org/CVERecord?id=CVE-2009-0023", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-0023", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-0023", }, ], release_date: "2009-06-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr-util heap buffer underwrite", }, { cve: "CVE-2009-0033", discovery_date: "2009-01-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "493381", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.", title: "Vulnerability description", }, { category: "summary", text: "tomcat6 Denial-Of-Service with AJP connection", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-0033", }, { category: "external", summary: "RHBZ#493381", url: "https://bugzilla.redhat.com/show_bug.cgi?id=493381", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-0033", url: "https://www.cve.org/CVERecord?id=CVE-2009-0033", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-0033", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-0033", }, ], release_date: "2009-06-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat6 Denial-Of-Service with AJP connection", }, { cve: "CVE-2009-0580", discovery_date: "2009-06-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "503978", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.", title: "Vulnerability description", }, { category: "summary", text: "tomcat6 Information disclosure in authentication classes", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-0580", }, { category: "external", summary: "RHBZ#503978", url: "https://bugzilla.redhat.com/show_bug.cgi?id=503978", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-0580", url: "https://www.cve.org/CVERecord?id=CVE-2009-0580", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-0580", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-0580", }, ], release_date: "2009-06-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat6 Information disclosure in authentication classes", }, { cve: "CVE-2009-1891", discovery_date: "2009-06-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "509125", }, ], notes: [ { category: "description", text: "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).", title: "Vulnerability description", }, { category: "summary", text: "httpd: possible temporary DoS (CPU consumption) in mod_deflate", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-1891", }, { category: "external", summary: "RHBZ#509125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=509125", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-1891", url: "https://www.cve.org/CVERecord?id=CVE-2009-1891", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-1891", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-1891", }, ], release_date: "2009-06-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: possible temporary DoS (CPU consumption) in mod_deflate", }, { cve: "CVE-2009-1955", discovery_date: "2009-06-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "504555", }, ], notes: [ { category: "description", text: "The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.", title: "Vulnerability description", }, { category: "summary", text: "apr-util billion laughs attack", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-1955", }, { category: "external", summary: "RHBZ#504555", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504555", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-1955", url: "https://www.cve.org/CVERecord?id=CVE-2009-1955", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-1955", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-1955", }, ], release_date: "2009-06-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr-util billion laughs attack", }, { cve: "CVE-2009-1956", discovery_date: "2009-06-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "504390", }, ], notes: [ { category: "description", text: "Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.", title: "Vulnerability description", }, { category: "summary", text: "apr-util single NULL byte buffer overflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-1956", }, { category: "external", summary: "RHBZ#504390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504390", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-1956", url: "https://www.cve.org/CVERecord?id=CVE-2009-1956", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-1956", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-1956", }, ], release_date: "2009-04-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr-util single NULL byte buffer overflow", }, { cve: "CVE-2009-2412", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2009-07-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "515698", }, ], notes: [ { category: "description", text: "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.", title: "Vulnerability description", }, { category: "summary", text: "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-2412", }, { category: "external", summary: "RHBZ#515698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=515698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-2412", url: "https://www.cve.org/CVERecord?id=CVE-2009-2412", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-2412", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-2412", }, ], release_date: "2009-08-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management", }, { cve: "CVE-2009-3094", discovery_date: "2009-09-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "521619", }, ], notes: [ { category: "description", text: "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.", title: "Vulnerability description", }, { category: "summary", text: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3094", }, { category: "external", summary: "RHBZ#521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3094", url: "https://www.cve.org/CVERecord?id=CVE-2009-3094", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", }, ], release_date: "2009-09-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", }, { cve: "CVE-2009-3095", discovery_date: "2009-09-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "522209", }, ], notes: [ { category: "description", text: "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3095", }, { category: "external", summary: "RHBZ#522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3095", url: "https://www.cve.org/CVERecord?id=CVE-2009-3095", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", }, ], release_date: "2009-09-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", }, { cve: "CVE-2009-4901", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, discovery_date: "2010-05-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "596426", }, ], notes: [ { category: "description", text: "The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.", title: "Vulnerability description", }, { category: "summary", text: "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-4901", }, { category: "external", summary: "RHBZ#596426", url: "https://bugzilla.redhat.com/show_bug.cgi?id=596426", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-4901", url: "https://www.cve.org/CVERecord?id=CVE-2009-4901", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-4901", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-4901", }, ], release_date: "2010-06-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages", }, { cve: "CVE-2010-0407", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, discovery_date: "2010-05-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "596426", }, ], notes: [ { category: "description", text: "Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.", title: "Vulnerability description", }, { category: "summary", text: "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2010-0407", }, { category: "external", summary: "RHBZ#596426", url: "https://bugzilla.redhat.com/show_bug.cgi?id=596426", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2010-0407", url: "https://www.cve.org/CVERecord?id=CVE-2010-0407", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2010-0407", url: "https://nvd.nist.gov/vuln/detail/CVE-2010-0407", }, ], release_date: "2010-06-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages", }, { cve: "CVE-2010-0434", discovery_date: "2010-03-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "570171", }, ], notes: [ { category: "description", text: "The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.", title: "Vulnerability description", }, { category: "summary", text: "httpd: request header information leak", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2010-0434", }, { category: "external", summary: "RHBZ#570171", url: "https://bugzilla.redhat.com/show_bug.cgi?id=570171", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2010-0434", url: "https://www.cve.org/CVERecord?id=CVE-2010-0434", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2010-0434", url: "https://nvd.nist.gov/vuln/detail/CVE-2010-0434", }, ], release_date: "2009-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: request header information leak", }, ], }
RHSA-2008:0648
Vulnerability from csaf_redhat
Published
2008-08-27 17:13
Modified
2024-11-22 02:13
Summary
Red Hat Security Advisory: tomcat security update
Notes
Topic
Updated tomcat packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
A cross-site scripting vulnerability was discovered in the
HttpServletResponse.sendError() method. A remote attacker could inject
arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)
An additional cross-site scripting vulnerability was discovered in the host
manager application. A remote attacker could inject arbitrary web script or
HTML via the hostname parameter. (CVE-2008-1947)
A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)
An additional traversal vulnerability was discovered when the
"allowLinking" and "URIencoding" settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the Tomcat process. (CVE-2008-2938)
Users of tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated tomcat packages that fix several security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the host\nmanager application. A remote attacker could inject arbitrary web script or\nHTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the Tomcat process. (CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2008:0648", url: "https://access.redhat.com/errata/RHSA-2008:0648", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "446393", url: "https://bugzilla.redhat.com/show_bug.cgi?id=446393", }, { category: "external", summary: "456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0648.json", }, ], title: "Red Hat Security Advisory: tomcat security update", tracking: { current_release_date: "2024-11-22T02:13:57+00:00", generator: { date: "2024-11-22T02:13:57+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2008:0648", initial_release_date: "2008-08-27T17:13:00+00:00", revision_history: [ { date: "2008-08-27T17:13:00+00:00", number: "1", summary: "Initial version", }, { date: "2008-08-27T13:13:49+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T02:13:57+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Desktop (v. 5 client)", product: { name: "Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:5::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product: { name: "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:5::client_workstation", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux (v. 5 server)", product: { name: "Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:5::server", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, { branches: [ { category: "product_version", name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", product: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", product_id: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, ], category: "architecture", name: "ia64", }, { branches: [ { category: "product_version", name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, ], category: "architecture", name: "ppc", }, { branches: [ { category: "product_version", name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", product: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", product_id: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=ppc64", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", product: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", product_id: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=ppc64", }, }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, ], }, vulnerabilities: [ { cve: "CVE-2008-1232", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457597", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Cross-Site-Scripting enabled by sendError call", title: "Vulnerability summary", }, ], product_status: { fixed: [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1232", }, { category: "external", summary: "RHBZ#457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1232", url: "https://www.cve.org/CVERecord?id=CVE-2008-1232", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-27T17:13:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0648", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: Cross-Site-Scripting enabled by sendError call", }, { cve: "CVE-2008-1947", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-05-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "446393", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.", title: "Vulnerability description", }, { category: "summary", text: "Tomcat host manager xss - name field", title: "Vulnerability summary", }, ], product_status: { fixed: [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1947", }, { category: "external", summary: "RHBZ#446393", url: "https://bugzilla.redhat.com/show_bug.cgi?id=446393", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1947", url: "https://www.cve.org/CVERecord?id=CVE-2008-1947", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1947", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1947", }, ], release_date: "2008-06-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-27T17:13:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0648", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Tomcat host manager xss - name field", }, { cve: "CVE-2008-2370", discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457934", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", title: "Vulnerability description", }, { category: "summary", text: "tomcat RequestDispatcher information disclosure vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2370", }, { category: "external", summary: "RHBZ#457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2370", url: "https://www.cve.org/CVERecord?id=CVE-2008-2370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-27T17:13:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0648", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat RequestDispatcher information disclosure vulnerability", }, { cve: "CVE-2008-2938", discovery_date: "2008-07-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "456120", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.", title: "Vulnerability description", }, { category: "summary", text: "tomcat Unicode directory traversal vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2938", }, { category: "external", summary: "RHBZ#456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2938", url: "https://www.cve.org/CVERecord?id=CVE-2008-2938", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", }, ], release_date: "2008-08-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-27T17:13:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0648", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat Unicode directory traversal vulnerability", }, ], }
rhsa-2008_0648
Vulnerability from csaf_redhat
Published
2008-08-27 17:13
Modified
2024-11-22 02:13
Summary
Red Hat Security Advisory: tomcat security update
Notes
Topic
Updated tomcat packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
A cross-site scripting vulnerability was discovered in the
HttpServletResponse.sendError() method. A remote attacker could inject
arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)
An additional cross-site scripting vulnerability was discovered in the host
manager application. A remote attacker could inject arbitrary web script or
HTML via the hostname parameter. (CVE-2008-1947)
A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)
An additional traversal vulnerability was discovered when the
"allowLinking" and "URIencoding" settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the Tomcat process. (CVE-2008-2938)
Users of tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated tomcat packages that fix several security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the host\nmanager application. A remote attacker could inject arbitrary web script or\nHTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the Tomcat process. (CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2008:0648", url: "https://access.redhat.com/errata/RHSA-2008:0648", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "446393", url: "https://bugzilla.redhat.com/show_bug.cgi?id=446393", }, { category: "external", summary: "456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0648.json", }, ], title: "Red Hat Security Advisory: tomcat security update", tracking: { current_release_date: "2024-11-22T02:13:57+00:00", generator: { date: "2024-11-22T02:13:57+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2008:0648", initial_release_date: "2008-08-27T17:13:00+00:00", revision_history: [ { date: "2008-08-27T17:13:00+00:00", number: "1", summary: "Initial version", }, { date: "2008-08-27T13:13:49+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T02:13:57+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Desktop (v. 5 client)", product: { name: "Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:5::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product: { name: "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:5::client_workstation", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux (v. 5 server)", product: { name: "Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:5::server", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, { branches: [ { category: "product_version", name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", product: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", product_id: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, ], category: "architecture", name: "ia64", }, { branches: [ { category: "product_version", name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, ], category: "architecture", name: "ppc", }, { branches: [ { category: "product_version", name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", product: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", product_id: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=ppc64", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", product: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", product_id: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=ppc64", }, }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, ], }, vulnerabilities: [ { cve: "CVE-2008-1232", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457597", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Cross-Site-Scripting enabled by sendError call", title: "Vulnerability summary", }, ], product_status: { fixed: [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1232", }, { category: "external", summary: "RHBZ#457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1232", url: "https://www.cve.org/CVERecord?id=CVE-2008-1232", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-27T17:13:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0648", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: Cross-Site-Scripting enabled by sendError call", }, { cve: "CVE-2008-1947", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-05-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "446393", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.", title: "Vulnerability description", }, { category: "summary", text: "Tomcat host manager xss - name field", title: "Vulnerability summary", }, ], product_status: { fixed: [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1947", }, { category: "external", summary: "RHBZ#446393", url: "https://bugzilla.redhat.com/show_bug.cgi?id=446393", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1947", url: "https://www.cve.org/CVERecord?id=CVE-2008-1947", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1947", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1947", }, ], release_date: "2008-06-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-27T17:13:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0648", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Tomcat host manager xss - name field", }, { cve: "CVE-2008-2370", discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457934", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", title: "Vulnerability description", }, { category: "summary", text: "tomcat RequestDispatcher information disclosure vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2370", }, { category: "external", summary: "RHBZ#457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2370", url: "https://www.cve.org/CVERecord?id=CVE-2008-2370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-27T17:13:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0648", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat RequestDispatcher information disclosure vulnerability", }, { cve: "CVE-2008-2938", discovery_date: "2008-07-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "456120", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.", title: "Vulnerability description", }, { category: "summary", text: "tomcat Unicode directory traversal vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2938", }, { category: "external", summary: "RHBZ#456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2938", url: "https://www.cve.org/CVERecord?id=CVE-2008-2938", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", }, ], release_date: "2008-08-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-27T17:13:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0648", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat Unicode directory traversal vulnerability", }, ], }
RHSA-2008:0862
Vulnerability from csaf_redhat
Published
2008-10-02 14:03
Modified
2024-11-22 02:13
Summary
Red Hat Security Advisory: tomcat security update
Notes
Topic
Updated tomcat packages that fix several security issues are now available
for Red Hat Application Server v2.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
The default security policy in the JULI logging component did not restrict
access permissions to files. This could be misused by untrusted web
applications to access and write arbitrary files in the context of the
Tomcat process. (CVE-2007-5342)
A directory traversal vulnerability was discovered in the Apache Tomcat
webdav servlet. Under certain configurations, this allowed remote,
authenticated users to read files accessible to the local Tomcat process.
(CVE-2007-5461)
A cross-site scripting vulnerability was discovered in the
HttpServletResponse.sendError() method. A remote attacker could inject
arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)
An additional cross-site scripting vulnerability was discovered in the host
manager application. A remote attacker could inject arbitrary web script or
HTML via the hostname parameter. (CVE-2008-1947)
A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)
An additional traversal vulnerability was discovered when the
"allowLinking" and "URIencoding" settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the Tomcat process. (CVE-2008-2938)
Users of tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated tomcat packages that fix several security issues are now available\nfor Red Hat Application Server v2.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nThe default security policy in the JULI logging component did not restrict\naccess permissions to files. This could be misused by untrusted web\napplications to access and write arbitrary files in the context of the\nTomcat process. (CVE-2007-5342)\n\nA directory traversal vulnerability was discovered in the Apache Tomcat\nwebdav servlet. Under certain configurations, this allowed remote,\nauthenticated users to read files accessible to the local Tomcat process.\n(CVE-2007-5461)\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the host\nmanager application. A remote attacker could inject arbitrary web script or\nHTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the Tomcat process. (CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2008:0862", url: "https://access.redhat.com/errata/RHSA-2008:0862", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "http://tomcat.apache.org/security-5.html", url: "http://tomcat.apache.org/security-5.html", }, { category: "external", summary: "333791", url: "https://bugzilla.redhat.com/show_bug.cgi?id=333791", }, { category: "external", summary: "427216", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427216", }, { category: "external", summary: "446393", url: "https://bugzilla.redhat.com/show_bug.cgi?id=446393", }, { category: "external", summary: "456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0862.json", }, ], title: "Red Hat Security Advisory: tomcat security update", tracking: { current_release_date: "2024-11-22T02:13:30+00:00", generator: { date: "2024-11-22T02:13:30+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2008:0862", initial_release_date: "2008-10-02T14:03:00+00:00", revision_history: [ { date: "2008-10-02T14:03:00+00:00", number: "1", summary: "Initial version", }, { date: "2008-10-02T10:03:32+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T02:13:30+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Application Server v2 4AS", product: { name: "Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_application_server:2", }, }, }, { category: "product_name", name: "Red Hat Application Server v2 4ES", product: { name: "Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_application_server:2", }, }, }, { category: "product_name", name: "Red Hat Application Server v2 4WS", product: { name: "Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_application_server:2", }, }, }, ], category: "product_family", name: "Red Hat Application Server", }, { branches: [ { category: "product_version", name: "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "tomcat5-0:5.5.23-0jpp_4rh.9.src", product: { name: "tomcat5-0:5.5.23-0jpp_4rh.9.src", product_id: "tomcat5-0:5.5.23-0jpp_4rh.9.src", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.9?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.9.src as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.9.src", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.9.src as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.9.src", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.9.src as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.9.src", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, ], }, vulnerabilities: [ { cve: "CVE-2007-5342", discovery_date: "2007-10-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "427216", }, ], notes: [ { category: "description", text: "The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.", title: "Vulnerability description", }, { category: "summary", text: "Apache Tomcat's default security policy is too open", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5342", }, { category: "external", summary: "RHBZ#427216", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427216", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5342", url: "https://www.cve.org/CVERecord?id=CVE-2007-5342", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5342", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5342", }, ], release_date: "2007-12-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:03:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0862", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Apache Tomcat's default security policy is too open", }, { cve: "CVE-2007-5461", discovery_date: "2007-10-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "333791", }, ], notes: [ { category: "description", text: "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.", title: "Vulnerability description", }, { category: "summary", text: "Absolute path traversal Apache Tomcat WEBDAV", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5461", }, { category: "external", summary: "RHBZ#333791", url: "https://bugzilla.redhat.com/show_bug.cgi?id=333791", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5461", url: "https://www.cve.org/CVERecord?id=CVE-2007-5461", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", }, ], release_date: "2007-10-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:03:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0862", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Absolute path traversal Apache Tomcat WEBDAV", }, { cve: "CVE-2008-1232", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457597", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Cross-Site-Scripting enabled by sendError call", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1232", }, { category: "external", summary: "RHBZ#457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1232", url: "https://www.cve.org/CVERecord?id=CVE-2008-1232", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:03:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0862", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: Cross-Site-Scripting enabled by sendError call", }, { cve: "CVE-2008-1947", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-05-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "446393", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.", title: "Vulnerability description", }, { category: "summary", text: "Tomcat host manager xss - name field", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1947", }, { category: "external", summary: "RHBZ#446393", url: "https://bugzilla.redhat.com/show_bug.cgi?id=446393", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1947", url: "https://www.cve.org/CVERecord?id=CVE-2008-1947", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1947", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1947", }, ], release_date: "2008-06-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:03:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0862", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Tomcat host manager xss - name field", }, { cve: "CVE-2008-2370", discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457934", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", title: "Vulnerability description", }, { category: "summary", text: "tomcat RequestDispatcher information disclosure vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2370", }, { category: "external", summary: "RHBZ#457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2370", url: "https://www.cve.org/CVERecord?id=CVE-2008-2370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:03:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0862", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat RequestDispatcher information disclosure vulnerability", }, { cve: "CVE-2008-2938", discovery_date: "2008-07-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "456120", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.", title: "Vulnerability description", }, { category: "summary", text: "tomcat Unicode directory traversal vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2938", }, { category: "external", summary: "RHBZ#456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2938", url: "https://www.cve.org/CVERecord?id=CVE-2008-2938", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", }, ], release_date: "2008-08-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:03:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0862", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat Unicode directory traversal vulnerability", }, ], }
rhsa-2008:0864
Vulnerability from csaf_redhat
Published
2008-10-02 14:02
Modified
2024-11-22 02:13
Summary
Red Hat Security Advisory: tomcat security update
Notes
Topic
Updated tomcat packages that fix multiple security issues are now available
for Red Hat Developer Suite 3.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
A cross-site scripting vulnerability was discovered in the
HttpServletResponse.sendError() method. A remote attacker could inject
arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)
An additional cross-site scripting vulnerability was discovered in the host
manager application. A remote attacker could inject arbitrary web script or
HTML via the hostname parameter. (CVE-2008-1947)
A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)
An additional traversal vulnerability was discovered when the
"allowLinking" and "URIencoding" settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the Tomcat process. (CVE-2008-2938)
Users of tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated tomcat packages that fix multiple security issues are now available\nfor Red Hat Developer Suite 3.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the host\nmanager application. A remote attacker could inject arbitrary web script or\nHTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the Tomcat process. (CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2008:0864", url: "https://access.redhat.com/errata/RHSA-2008:0864", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "http://tomcat.apache.org/security-5.html", url: "http://tomcat.apache.org/security-5.html", }, { category: "external", summary: "446393", url: "https://bugzilla.redhat.com/show_bug.cgi?id=446393", }, { category: "external", summary: "456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0864.json", }, ], title: "Red Hat Security Advisory: tomcat security update", tracking: { current_release_date: "2024-11-22T02:13:34+00:00", generator: { date: "2024-11-22T02:13:34+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2008:0864", initial_release_date: "2008-10-02T14:02:00+00:00", revision_history: [ { date: "2008-10-02T14:02:00+00:00", number: "1", summary: "Initial version", }, { date: "2008-10-02T10:02:59+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T02:13:34+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Developer Suite v.3 (AS v.4)", product: { name: "Red Hat Developer Suite v.3 (AS v.4)", product_id: "4AS-DS3", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_developer_suite:3", }, }, }, ], category: "product_family", name: "Red Hat Developer Suite v.3", }, { branches: [ { category: "product_version", name: "tomcat5-0:5.5.23-0jpp_12rh.src", product: { name: "tomcat5-0:5.5.23-0jpp_12rh.src", product_id: "tomcat5-0:5.5.23-0jpp_12rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_12rh?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "tomcat5-0:5.5.23-0jpp_12rh.noarch", product: { name: "tomcat5-0:5.5.23-0jpp_12rh.noarch", product_id: "tomcat5-0:5.5.23-0jpp_12rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_12rh?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", product: { name: "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", product_id: "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_12rh?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", product: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", product_id: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_12rh?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", product: { name: "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", product_id: "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_12rh?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", product: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", product_id: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_12rh?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", product: { name: "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", product_id: "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_12rh?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", product_id: "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", }, product_reference: "tomcat5-0:5.5.23-0jpp_12rh.noarch", relates_to_product_reference: "4AS-DS3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_12rh.src as a component of Red Hat Developer Suite v.3 (AS v.4)", product_id: "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", }, product_reference: "tomcat5-0:5.5.23-0jpp_12rh.src", relates_to_product_reference: "4AS-DS3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", product_id: "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", relates_to_product_reference: "4AS-DS3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", product_id: "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", relates_to_product_reference: "4AS-DS3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", product_id: "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", relates_to_product_reference: "4AS-DS3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", product_id: "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", relates_to_product_reference: "4AS-DS3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", product_id: "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", relates_to_product_reference: "4AS-DS3", }, ], }, vulnerabilities: [ { cve: "CVE-2008-1232", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457597", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Cross-Site-Scripting enabled by sendError call", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1232", }, { category: "external", summary: "RHBZ#457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1232", url: "https://www.cve.org/CVERecord?id=CVE-2008-1232", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:02:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0864", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: Cross-Site-Scripting enabled by sendError call", }, { cve: "CVE-2008-1947", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-05-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "446393", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.", title: "Vulnerability description", }, { category: "summary", text: "Tomcat host manager xss - name field", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1947", }, { category: "external", summary: "RHBZ#446393", url: "https://bugzilla.redhat.com/show_bug.cgi?id=446393", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1947", url: "https://www.cve.org/CVERecord?id=CVE-2008-1947", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1947", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1947", }, ], release_date: "2008-06-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:02:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0864", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Tomcat host manager xss - name field", }, { cve: "CVE-2008-2370", discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457934", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", title: "Vulnerability description", }, { category: "summary", text: "tomcat RequestDispatcher information disclosure vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2370", }, { category: "external", summary: "RHBZ#457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2370", url: "https://www.cve.org/CVERecord?id=CVE-2008-2370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:02:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0864", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat RequestDispatcher information disclosure vulnerability", }, { cve: "CVE-2008-2938", discovery_date: "2008-07-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "456120", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.", title: "Vulnerability description", }, { category: "summary", text: "tomcat Unicode directory traversal vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2938", }, { category: "external", summary: "RHBZ#456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2938", url: "https://www.cve.org/CVERecord?id=CVE-2008-2938", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", }, ], release_date: "2008-08-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:02:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0864", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat Unicode directory traversal vulnerability", }, ], }
rhsa-2008:0862
Vulnerability from csaf_redhat
Published
2008-10-02 14:03
Modified
2024-11-22 02:13
Summary
Red Hat Security Advisory: tomcat security update
Notes
Topic
Updated tomcat packages that fix several security issues are now available
for Red Hat Application Server v2.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
The default security policy in the JULI logging component did not restrict
access permissions to files. This could be misused by untrusted web
applications to access and write arbitrary files in the context of the
Tomcat process. (CVE-2007-5342)
A directory traversal vulnerability was discovered in the Apache Tomcat
webdav servlet. Under certain configurations, this allowed remote,
authenticated users to read files accessible to the local Tomcat process.
(CVE-2007-5461)
A cross-site scripting vulnerability was discovered in the
HttpServletResponse.sendError() method. A remote attacker could inject
arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)
An additional cross-site scripting vulnerability was discovered in the host
manager application. A remote attacker could inject arbitrary web script or
HTML via the hostname parameter. (CVE-2008-1947)
A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)
An additional traversal vulnerability was discovered when the
"allowLinking" and "URIencoding" settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the Tomcat process. (CVE-2008-2938)
Users of tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated tomcat packages that fix several security issues are now available\nfor Red Hat Application Server v2.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nThe default security policy in the JULI logging component did not restrict\naccess permissions to files. This could be misused by untrusted web\napplications to access and write arbitrary files in the context of the\nTomcat process. (CVE-2007-5342)\n\nA directory traversal vulnerability was discovered in the Apache Tomcat\nwebdav servlet. Under certain configurations, this allowed remote,\nauthenticated users to read files accessible to the local Tomcat process.\n(CVE-2007-5461)\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the host\nmanager application. A remote attacker could inject arbitrary web script or\nHTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the Tomcat process. (CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2008:0862", url: "https://access.redhat.com/errata/RHSA-2008:0862", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "http://tomcat.apache.org/security-5.html", url: "http://tomcat.apache.org/security-5.html", }, { category: "external", summary: "333791", url: "https://bugzilla.redhat.com/show_bug.cgi?id=333791", }, { category: "external", summary: "427216", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427216", }, { category: "external", summary: "446393", url: "https://bugzilla.redhat.com/show_bug.cgi?id=446393", }, { category: "external", summary: "456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0862.json", }, ], title: "Red Hat Security Advisory: tomcat security update", tracking: { current_release_date: "2024-11-22T02:13:30+00:00", generator: { date: "2024-11-22T02:13:30+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2008:0862", initial_release_date: "2008-10-02T14:03:00+00:00", revision_history: [ { date: "2008-10-02T14:03:00+00:00", number: "1", summary: "Initial version", }, { date: "2008-10-02T10:03:32+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T02:13:30+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Application Server v2 4AS", product: { name: "Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_application_server:2", }, }, }, { category: "product_name", name: "Red Hat Application Server v2 4ES", product: { name: "Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_application_server:2", }, }, }, { category: "product_name", name: "Red Hat Application Server v2 4WS", product: { name: "Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_application_server:2", }, }, }, ], category: "product_family", name: "Red Hat Application Server", }, { branches: [ { category: "product_version", name: "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "tomcat5-0:5.5.23-0jpp_4rh.9.src", product: { name: "tomcat5-0:5.5.23-0jpp_4rh.9.src", product_id: "tomcat5-0:5.5.23-0jpp_4rh.9.src", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.9?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.9.src as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.9.src", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.9.src as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.9.src", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.9.src as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.9.src", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, ], }, vulnerabilities: [ { cve: "CVE-2007-5342", discovery_date: "2007-10-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "427216", }, ], notes: [ { category: "description", text: "The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.", title: "Vulnerability description", }, { category: "summary", text: "Apache Tomcat's default security policy is too open", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5342", }, { category: "external", summary: "RHBZ#427216", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427216", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5342", url: "https://www.cve.org/CVERecord?id=CVE-2007-5342", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5342", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5342", }, ], release_date: "2007-12-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:03:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0862", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Apache Tomcat's default security policy is too open", }, { cve: "CVE-2007-5461", discovery_date: "2007-10-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "333791", }, ], notes: [ { category: "description", text: "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.", title: "Vulnerability description", }, { category: "summary", text: "Absolute path traversal Apache Tomcat WEBDAV", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5461", }, { category: "external", summary: "RHBZ#333791", url: "https://bugzilla.redhat.com/show_bug.cgi?id=333791", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5461", url: "https://www.cve.org/CVERecord?id=CVE-2007-5461", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", }, ], release_date: "2007-10-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:03:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0862", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Absolute path traversal Apache Tomcat WEBDAV", }, { cve: "CVE-2008-1232", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457597", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Cross-Site-Scripting enabled by sendError call", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1232", }, { category: "external", summary: "RHBZ#457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1232", url: "https://www.cve.org/CVERecord?id=CVE-2008-1232", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:03:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0862", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: Cross-Site-Scripting enabled by sendError call", }, { cve: "CVE-2008-1947", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-05-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "446393", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.", title: "Vulnerability description", }, { category: "summary", text: "Tomcat host manager xss - name field", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1947", }, { category: "external", summary: "RHBZ#446393", url: "https://bugzilla.redhat.com/show_bug.cgi?id=446393", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1947", url: "https://www.cve.org/CVERecord?id=CVE-2008-1947", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1947", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1947", }, ], release_date: "2008-06-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:03:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0862", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Tomcat host manager xss - name field", }, { cve: "CVE-2008-2370", discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457934", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", title: "Vulnerability description", }, { category: "summary", text: "tomcat RequestDispatcher information disclosure vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2370", }, { category: "external", summary: "RHBZ#457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2370", url: "https://www.cve.org/CVERecord?id=CVE-2008-2370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:03:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0862", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat RequestDispatcher information disclosure vulnerability", }, { cve: "CVE-2008-2938", discovery_date: "2008-07-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "456120", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.", title: "Vulnerability description", }, { category: "summary", text: "tomcat Unicode directory traversal vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2938", }, { category: "external", summary: "RHBZ#456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2938", url: "https://www.cve.org/CVERecord?id=CVE-2008-2938", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", }, ], release_date: "2008-08-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:03:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0862", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat Unicode directory traversal vulnerability", }, ], }
rhsa-2008:0648
Vulnerability from csaf_redhat
Published
2008-08-27 17:13
Modified
2024-11-22 02:13
Summary
Red Hat Security Advisory: tomcat security update
Notes
Topic
Updated tomcat packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
A cross-site scripting vulnerability was discovered in the
HttpServletResponse.sendError() method. A remote attacker could inject
arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)
An additional cross-site scripting vulnerability was discovered in the host
manager application. A remote attacker could inject arbitrary web script or
HTML via the hostname parameter. (CVE-2008-1947)
A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)
An additional traversal vulnerability was discovered when the
"allowLinking" and "URIencoding" settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the Tomcat process. (CVE-2008-2938)
Users of tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated tomcat packages that fix several security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the host\nmanager application. A remote attacker could inject arbitrary web script or\nHTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the Tomcat process. (CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2008:0648", url: "https://access.redhat.com/errata/RHSA-2008:0648", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "446393", url: "https://bugzilla.redhat.com/show_bug.cgi?id=446393", }, { category: "external", summary: "456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0648.json", }, ], title: "Red Hat Security Advisory: tomcat security update", tracking: { current_release_date: "2024-11-22T02:13:57+00:00", generator: { date: "2024-11-22T02:13:57+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2008:0648", initial_release_date: "2008-08-27T17:13:00+00:00", revision_history: [ { date: "2008-08-27T17:13:00+00:00", number: "1", summary: "Initial version", }, { date: "2008-08-27T13:13:49+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T02:13:57+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux Desktop (v. 5 client)", product: { name: "Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:5::client", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product: { name: "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:5::client_workstation", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux (v. 5 server)", product: { name: "Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:5::server", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", product: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_id: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", product: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", product_id: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, { branches: [ { category: "product_version", name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", product: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", product_id: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", product: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", product_id: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=ia64", }, }, }, ], category: "architecture", name: "ia64", }, { branches: [ { category: "product_version", name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", product: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", product_id: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=ppc", }, }, }, ], category: "architecture", name: "ppc", }, { branches: [ { category: "product_version", name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", product: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", product_id: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=ppc64", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", product: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", product_id: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=ppc64", }, }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", product: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", product_id: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", product_id: "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client-Workstation", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", product_id: "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Client", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", relates_to_product_reference: "5Server", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", product_id: "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", relates_to_product_reference: "5Server", }, ], }, vulnerabilities: [ { cve: "CVE-2008-1232", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457597", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Cross-Site-Scripting enabled by sendError call", title: "Vulnerability summary", }, ], product_status: { fixed: [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1232", }, { category: "external", summary: "RHBZ#457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1232", url: "https://www.cve.org/CVERecord?id=CVE-2008-1232", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-27T17:13:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0648", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: Cross-Site-Scripting enabled by sendError call", }, { cve: "CVE-2008-1947", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-05-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "446393", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.", title: "Vulnerability description", }, { category: "summary", text: "Tomcat host manager xss - name field", title: "Vulnerability summary", }, ], product_status: { fixed: [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1947", }, { category: "external", summary: "RHBZ#446393", url: "https://bugzilla.redhat.com/show_bug.cgi?id=446393", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1947", url: "https://www.cve.org/CVERecord?id=CVE-2008-1947", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1947", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1947", }, ], release_date: "2008-06-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-27T17:13:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0648", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Tomcat host manager xss - name field", }, { cve: "CVE-2008-2370", discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457934", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", title: "Vulnerability description", }, { category: "summary", text: "tomcat RequestDispatcher information disclosure vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2370", }, { category: "external", summary: "RHBZ#457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2370", url: "https://www.cve.org/CVERecord?id=CVE-2008-2370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-27T17:13:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0648", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat RequestDispatcher information disclosure vulnerability", }, { cve: "CVE-2008-2938", discovery_date: "2008-07-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "456120", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.", title: "Vulnerability description", }, { category: "summary", text: "tomcat Unicode directory traversal vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2938", }, { category: "external", summary: "RHBZ#456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2938", url: "https://www.cve.org/CVERecord?id=CVE-2008-2938", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", }, ], release_date: "2008-08-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-08-27T17:13:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src", "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x", "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0648", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat Unicode directory traversal vulnerability", }, ], }
RHSA-2008:1007
Vulnerability from csaf_redhat
Published
2008-12-08 09:02
Modified
2024-11-22 02:13
Summary
Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server
Notes
Topic
Updated tomcat packages that fix multiple security issues are now available
for Red Hat Network Satellite Server.
This update has been rated as having low security impact by the Red
Hat Security Response Team.
Details
This update corrects several security vulnerabilities in the Tomcat
component shipped as part of Red Hat Network Satellite Server. In a
typical operating environment, Tomcat is not exposed to users
of Satellite Server in a vulnerable manner. These security updates will
reduce risk in unique Satellite Server environments.
Multiple flaws were fixed in the Apache Tomcat package. (CVE-2008-1232,
CVE-2008-1947, CVE-2008-2370, CVE-2008-2938, CVE-2008-3271)
Users of Red Hat Network Satellite Server 5.0 or 5.1 are advised to update
to these Tomcat packages which resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Low", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated tomcat packages that fix multiple security issues are now available\nfor Red Hat Network Satellite Server.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "This update corrects several security vulnerabilities in the Tomcat\ncomponent shipped as part of Red Hat Network Satellite Server. In a\ntypical operating environment, Tomcat is not exposed to users\nof Satellite Server in a vulnerable manner. These security updates will\nreduce risk in unique Satellite Server environments.\n\nMultiple flaws were fixed in the Apache Tomcat package. (CVE-2008-1232,\nCVE-2008-1947, CVE-2008-2370, CVE-2008-2938, CVE-2008-3271)\n\nUsers of Red Hat Network Satellite Server 5.0 or 5.1 are advised to update\nto these Tomcat packages which resolve these issues.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2008:1007", url: "https://access.redhat.com/errata/RHSA-2008:1007", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#low", url: "https://access.redhat.com/security/updates/classification/#low", }, { category: "external", summary: "http://tomcat.apache.org/security-5.html", url: "http://tomcat.apache.org/security-5.html", }, { category: "external", summary: "446393", url: "https://bugzilla.redhat.com/show_bug.cgi?id=446393", }, { category: "external", summary: "456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "466875", url: "https://bugzilla.redhat.com/show_bug.cgi?id=466875", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_1007.json", }, ], title: "Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server", tracking: { current_release_date: "2024-11-22T02:13:43+00:00", generator: { date: "2024-11-22T02:13:43+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2008:1007", initial_release_date: "2008-12-08T09:02:00+00:00", revision_history: [ { date: "2008-12-08T09:02:00+00:00", number: "1", summary: "Initial version", }, { date: "2008-12-08T04:02:54+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T02:13:43+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Satellite 5.1 (RHEL v.4 AS)", product: { name: "Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1", product_identification_helper: { cpe: "cpe:/a:redhat:network_satellite:5.1::el4", }, }, }, { category: "product_name", name: "Red Hat Satellite 5.0 (RHEL v.4 AS)", product: { name: "Red Hat Satellite 5.0 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5", product_identification_helper: { cpe: "cpe:/a:redhat:network_satellite:5.0:el4", }, }, }, ], category: "product_family", name: "Red Hat Satellite", }, { branches: [ { category: "product_version", name: "tomcat5-0:5.0.30-0jpp_12rh.noarch", product: { name: "tomcat5-0:5.0.30-0jpp_12rh.noarch", product_id: "tomcat5-0:5.0.30-0jpp_12rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.0.30-0jpp_12rh?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.0.30-0jpp_12rh.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", }, product_reference: "tomcat5-0:5.0.30-0jpp_12rh.noarch", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.0.30-0jpp_12rh.noarch as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", }, product_reference: "tomcat5-0:5.0.30-0jpp_12rh.noarch", relates_to_product_reference: "4AS-RHNSAT5", }, ], }, vulnerabilities: [ { cve: "CVE-2008-1232", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457597", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Cross-Site-Scripting enabled by sendError call", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1232", }, { category: "external", summary: "RHBZ#457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1232", url: "https://www.cve.org/CVERecord?id=CVE-2008-1232", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-12-08T09:02:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:1007", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: Cross-Site-Scripting enabled by sendError call", }, { cve: "CVE-2008-1947", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-05-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "446393", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.", title: "Vulnerability description", }, { category: "summary", text: "Tomcat host manager xss - name field", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1947", }, { category: "external", summary: "RHBZ#446393", url: "https://bugzilla.redhat.com/show_bug.cgi?id=446393", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1947", url: "https://www.cve.org/CVERecord?id=CVE-2008-1947", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1947", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1947", }, ], release_date: "2008-06-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-12-08T09:02:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:1007", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Tomcat host manager xss - name field", }, { cve: "CVE-2008-2370", discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457934", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", title: "Vulnerability description", }, { category: "summary", text: "tomcat RequestDispatcher information disclosure vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2370", }, { category: "external", summary: "RHBZ#457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2370", url: "https://www.cve.org/CVERecord?id=CVE-2008-2370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-12-08T09:02:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:1007", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat RequestDispatcher information disclosure vulnerability", }, { cve: "CVE-2008-2938", discovery_date: "2008-07-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "456120", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.", title: "Vulnerability description", }, { category: "summary", text: "tomcat Unicode directory traversal vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2938", }, { category: "external", summary: "RHBZ#456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2938", url: "https://www.cve.org/CVERecord?id=CVE-2008-2938", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", }, ], release_date: "2008-08-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-12-08T09:02:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:1007", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat Unicode directory traversal vulnerability", }, { cve: "CVE-2008-3271", discovery_date: "2008-10-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "466875", }, ], notes: [ { category: "description", text: "Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a \"synchronization problem\" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.", title: "Vulnerability description", }, { category: "summary", text: "tomcat RemoteFilterValve Information disclosure", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-3271", }, { category: "external", summary: "RHBZ#466875", url: "https://bugzilla.redhat.com/show_bug.cgi?id=466875", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-3271", url: "https://www.cve.org/CVERecord?id=CVE-2008-3271", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-3271", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-3271", }, ], release_date: "2008-10-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-12-08T09:02:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:1007", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat RemoteFilterValve Information disclosure", }, ], }
rhsa-2008:0877
Vulnerability from csaf_redhat
Published
2008-09-22 13:32
Modified
2024-11-22 02:13
Summary
Red Hat Security Advisory: jbossweb security update
Notes
Topic
An updated jbossweb package that fixes various security issues is now
available for JBoss Enterprise Application Platform (JBoss EAP) 4.2 and
4.3.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
JBoss Web Server (jbossweb) is an enterprise ready web server designed for
medium and large applications, is based on Apache Tomcat, and is embedded
into JBoss Application Server. It provides organizations with a single
deployment platform for JavaServer Pages (JSP) and Java Servlet
technologies, Microsoft® .NET, PHP, and CGI.
A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)
An additional traversal vulnerability was discovered when the
"allowLinking" and "URIencoding" settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the jbossweb process. (CVE-2008-2938)
Users of jbossweb should upgrade to this updated package, which contains
backported patches to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An updated jbossweb package that fixes various security issues is now\navailable for JBoss Enterprise Application Platform (JBoss EAP) 4.2 and\n4.3.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "JBoss Web Server (jbossweb) is an enterprise ready web server designed for\nmedium and large applications, is based on Apache Tomcat, and is embedded\ninto JBoss Application Server. It provides organizations with a single\ndeployment platform for JavaServer Pages (JSP) and Java Servlet\ntechnologies, Microsoft® .NET, PHP, and CGI.\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the jbossweb process. (CVE-2008-2938)\n\nUsers of jbossweb should upgrade to this updated package, which contains\nbackported patches to resolve these issues.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2008:0877", url: "https://access.redhat.com/errata/RHSA-2008:0877", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0877.json", }, ], title: "Red Hat Security Advisory: jbossweb security update", tracking: { current_release_date: "2024-11-22T02:13:38+00:00", generator: { date: "2024-11-22T02:13:38+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2008:0877", initial_release_date: "2008-09-22T13:32:00+00:00", revision_history: [ { date: "2008-09-22T13:32:00+00:00", number: "1", summary: "Initial version", }, { date: "2008-09-22T09:32:27+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T02:13:38+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", product: { name: "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", product_id: "4AS-JBEAP", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", product: { name: "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", product_id: "4ES-JBEAP", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", product: { name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", product_id: "4AS-JBEAP-4.3.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", product: { name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", product_id: "4ES-JBEAP-4.3.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", product: { name: "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.2.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", product: { name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.3.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", product: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", product_id: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossweb@2.0.0-5.CP07.0jpp.ep1.1.el4?arch=src", }, }, }, { category: "product_version", name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", product: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", product_id: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossweb@2.0.0-5.CP07.0jpp.ep1.1.el5?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", product: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", product_id: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossweb@2.0.0-5.CP07.0jpp.ep1.1.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", product: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", product_id: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossweb@2.0.0-5.CP07.0jpp.ep1.1.el5?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", product_id: "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", relates_to_product_reference: "4AS-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", product_id: "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", relates_to_product_reference: "4AS-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", product_id: "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", relates_to_product_reference: "4AS-JBEAP", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", product_id: "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", relates_to_product_reference: "4AS-JBEAP", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", product_id: "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", relates_to_product_reference: "4ES-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", product_id: "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", relates_to_product_reference: "4ES-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", product_id: "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", relates_to_product_reference: "4ES-JBEAP", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", product_id: "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", relates_to_product_reference: "4ES-JBEAP", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", relates_to_product_reference: "5Server-JBEAP-4.2.0", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", relates_to_product_reference: "5Server-JBEAP-4.2.0", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", relates_to_product_reference: "5Server-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", relates_to_product_reference: "5Server-JBEAP-4.3.0", }, ], }, vulnerabilities: [ { cve: "CVE-2008-1232", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457597", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Cross-Site-Scripting enabled by sendError call", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1232", }, { category: "external", summary: "RHBZ#457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1232", url: "https://www.cve.org/CVERecord?id=CVE-2008-1232", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-09-22T13:32:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0877", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: Cross-Site-Scripting enabled by sendError call", }, { cve: "CVE-2008-2370", discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457934", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", title: "Vulnerability description", }, { category: "summary", text: "tomcat RequestDispatcher information disclosure vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2370", }, { category: "external", summary: "RHBZ#457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2370", url: "https://www.cve.org/CVERecord?id=CVE-2008-2370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-09-22T13:32:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0877", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat RequestDispatcher information disclosure vulnerability", }, { cve: "CVE-2008-2938", discovery_date: "2008-07-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "456120", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.", title: "Vulnerability description", }, { category: "summary", text: "tomcat Unicode directory traversal vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2938", }, { category: "external", summary: "RHBZ#456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2938", url: "https://www.cve.org/CVERecord?id=CVE-2008-2938", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", }, ], release_date: "2008-08-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-09-22T13:32:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0877", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat Unicode directory traversal vulnerability", }, ], }
RHSA-2008:0877
Vulnerability from csaf_redhat
Published
2008-09-22 13:32
Modified
2024-11-22 02:13
Summary
Red Hat Security Advisory: jbossweb security update
Notes
Topic
An updated jbossweb package that fixes various security issues is now
available for JBoss Enterprise Application Platform (JBoss EAP) 4.2 and
4.3.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
JBoss Web Server (jbossweb) is an enterprise ready web server designed for
medium and large applications, is based on Apache Tomcat, and is embedded
into JBoss Application Server. It provides organizations with a single
deployment platform for JavaServer Pages (JSP) and Java Servlet
technologies, Microsoft® .NET, PHP, and CGI.
A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)
An additional traversal vulnerability was discovered when the
"allowLinking" and "URIencoding" settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the jbossweb process. (CVE-2008-2938)
Users of jbossweb should upgrade to this updated package, which contains
backported patches to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An updated jbossweb package that fixes various security issues is now\navailable for JBoss Enterprise Application Platform (JBoss EAP) 4.2 and\n4.3.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "JBoss Web Server (jbossweb) is an enterprise ready web server designed for\nmedium and large applications, is based on Apache Tomcat, and is embedded\ninto JBoss Application Server. It provides organizations with a single\ndeployment platform for JavaServer Pages (JSP) and Java Servlet\ntechnologies, Microsoft® .NET, PHP, and CGI.\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the jbossweb process. (CVE-2008-2938)\n\nUsers of jbossweb should upgrade to this updated package, which contains\nbackported patches to resolve these issues.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2008:0877", url: "https://access.redhat.com/errata/RHSA-2008:0877", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0877.json", }, ], title: "Red Hat Security Advisory: jbossweb security update", tracking: { current_release_date: "2024-11-22T02:13:38+00:00", generator: { date: "2024-11-22T02:13:38+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2008:0877", initial_release_date: "2008-09-22T13:32:00+00:00", revision_history: [ { date: "2008-09-22T13:32:00+00:00", number: "1", summary: "Initial version", }, { date: "2008-09-22T09:32:27+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T02:13:38+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", product: { name: "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", product_id: "4AS-JBEAP", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", product: { name: "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", product_id: "4ES-JBEAP", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", product: { name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", product_id: "4AS-JBEAP-4.3.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", product: { name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", product_id: "4ES-JBEAP-4.3.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", product: { name: "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.2.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", product: { name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.3.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", product: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", product_id: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossweb@2.0.0-5.CP07.0jpp.ep1.1.el4?arch=src", }, }, }, { category: "product_version", name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", product: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", product_id: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossweb@2.0.0-5.CP07.0jpp.ep1.1.el5?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", product: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", product_id: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossweb@2.0.0-5.CP07.0jpp.ep1.1.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", product: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", product_id: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossweb@2.0.0-5.CP07.0jpp.ep1.1.el5?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", product_id: "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", relates_to_product_reference: "4AS-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", product_id: "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", relates_to_product_reference: "4AS-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", product_id: "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", relates_to_product_reference: "4AS-JBEAP", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", product_id: "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", relates_to_product_reference: "4AS-JBEAP", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", product_id: "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", relates_to_product_reference: "4ES-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", product_id: "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", relates_to_product_reference: "4ES-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", product_id: "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", relates_to_product_reference: "4ES-JBEAP", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", product_id: "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", relates_to_product_reference: "4ES-JBEAP", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", relates_to_product_reference: "5Server-JBEAP-4.2.0", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", relates_to_product_reference: "5Server-JBEAP-4.2.0", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", relates_to_product_reference: "5Server-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", relates_to_product_reference: "5Server-JBEAP-4.3.0", }, ], }, vulnerabilities: [ { cve: "CVE-2008-1232", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457597", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Cross-Site-Scripting enabled by sendError call", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1232", }, { category: "external", summary: "RHBZ#457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1232", url: "https://www.cve.org/CVERecord?id=CVE-2008-1232", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-09-22T13:32:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0877", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: Cross-Site-Scripting enabled by sendError call", }, { cve: "CVE-2008-2370", discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457934", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", title: "Vulnerability description", }, { category: "summary", text: "tomcat RequestDispatcher information disclosure vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2370", }, { category: "external", summary: "RHBZ#457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2370", url: "https://www.cve.org/CVERecord?id=CVE-2008-2370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-09-22T13:32:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0877", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat RequestDispatcher information disclosure vulnerability", }, { cve: "CVE-2008-2938", discovery_date: "2008-07-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "456120", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.", title: "Vulnerability description", }, { category: "summary", text: "tomcat Unicode directory traversal vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2938", }, { category: "external", summary: "RHBZ#456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2938", url: "https://www.cve.org/CVERecord?id=CVE-2008-2938", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", }, ], release_date: "2008-08-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-09-22T13:32:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0877", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat Unicode directory traversal vulnerability", }, ], }
RHSA-2008:0864
Vulnerability from csaf_redhat
Published
2008-10-02 14:02
Modified
2024-11-22 02:13
Summary
Red Hat Security Advisory: tomcat security update
Notes
Topic
Updated tomcat packages that fix multiple security issues are now available
for Red Hat Developer Suite 3.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
A cross-site scripting vulnerability was discovered in the
HttpServletResponse.sendError() method. A remote attacker could inject
arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)
An additional cross-site scripting vulnerability was discovered in the host
manager application. A remote attacker could inject arbitrary web script or
HTML via the hostname parameter. (CVE-2008-1947)
A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)
An additional traversal vulnerability was discovered when the
"allowLinking" and "URIencoding" settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the Tomcat process. (CVE-2008-2938)
Users of tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated tomcat packages that fix multiple security issues are now available\nfor Red Hat Developer Suite 3.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the host\nmanager application. A remote attacker could inject arbitrary web script or\nHTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the Tomcat process. (CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2008:0864", url: "https://access.redhat.com/errata/RHSA-2008:0864", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "http://tomcat.apache.org/security-5.html", url: "http://tomcat.apache.org/security-5.html", }, { category: "external", summary: "446393", url: "https://bugzilla.redhat.com/show_bug.cgi?id=446393", }, { category: "external", summary: "456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0864.json", }, ], title: "Red Hat Security Advisory: tomcat security update", tracking: { current_release_date: "2024-11-22T02:13:34+00:00", generator: { date: "2024-11-22T02:13:34+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2008:0864", initial_release_date: "2008-10-02T14:02:00+00:00", revision_history: [ { date: "2008-10-02T14:02:00+00:00", number: "1", summary: "Initial version", }, { date: "2008-10-02T10:02:59+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T02:13:34+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Developer Suite v.3 (AS v.4)", product: { name: "Red Hat Developer Suite v.3 (AS v.4)", product_id: "4AS-DS3", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_developer_suite:3", }, }, }, ], category: "product_family", name: "Red Hat Developer Suite v.3", }, { branches: [ { category: "product_version", name: "tomcat5-0:5.5.23-0jpp_12rh.src", product: { name: "tomcat5-0:5.5.23-0jpp_12rh.src", product_id: "tomcat5-0:5.5.23-0jpp_12rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_12rh?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "tomcat5-0:5.5.23-0jpp_12rh.noarch", product: { name: "tomcat5-0:5.5.23-0jpp_12rh.noarch", product_id: "tomcat5-0:5.5.23-0jpp_12rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_12rh?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", product: { name: "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", product_id: "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_12rh?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", product: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", product_id: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_12rh?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", product: { name: "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", product_id: "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_12rh?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", product: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", product_id: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_12rh?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", product: { name: "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", product_id: "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_12rh?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", product_id: "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", }, product_reference: "tomcat5-0:5.5.23-0jpp_12rh.noarch", relates_to_product_reference: "4AS-DS3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_12rh.src as a component of Red Hat Developer Suite v.3 (AS v.4)", product_id: "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", }, product_reference: "tomcat5-0:5.5.23-0jpp_12rh.src", relates_to_product_reference: "4AS-DS3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", product_id: "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", relates_to_product_reference: "4AS-DS3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", product_id: "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", relates_to_product_reference: "4AS-DS3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", product_id: "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", relates_to_product_reference: "4AS-DS3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", product_id: "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", relates_to_product_reference: "4AS-DS3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", product_id: "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", relates_to_product_reference: "4AS-DS3", }, ], }, vulnerabilities: [ { cve: "CVE-2008-1232", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457597", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Cross-Site-Scripting enabled by sendError call", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1232", }, { category: "external", summary: "RHBZ#457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1232", url: "https://www.cve.org/CVERecord?id=CVE-2008-1232", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:02:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0864", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: Cross-Site-Scripting enabled by sendError call", }, { cve: "CVE-2008-1947", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-05-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "446393", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.", title: "Vulnerability description", }, { category: "summary", text: "Tomcat host manager xss - name field", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1947", }, { category: "external", summary: "RHBZ#446393", url: "https://bugzilla.redhat.com/show_bug.cgi?id=446393", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1947", url: "https://www.cve.org/CVERecord?id=CVE-2008-1947", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1947", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1947", }, ], release_date: "2008-06-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:02:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0864", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Tomcat host manager xss - name field", }, { cve: "CVE-2008-2370", discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457934", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", title: "Vulnerability description", }, { category: "summary", text: "tomcat RequestDispatcher information disclosure vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2370", }, { category: "external", summary: "RHBZ#457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2370", url: "https://www.cve.org/CVERecord?id=CVE-2008-2370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:02:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0864", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat RequestDispatcher information disclosure vulnerability", }, { cve: "CVE-2008-2938", discovery_date: "2008-07-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "456120", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.", title: "Vulnerability description", }, { category: "summary", text: "tomcat Unicode directory traversal vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2938", }, { category: "external", summary: "RHBZ#456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2938", url: "https://www.cve.org/CVERecord?id=CVE-2008-2938", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", }, ], release_date: "2008-08-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:02:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0864", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat Unicode directory traversal vulnerability", }, ], }
rhsa-2008_0864
Vulnerability from csaf_redhat
Published
2008-10-02 14:02
Modified
2024-11-22 02:13
Summary
Red Hat Security Advisory: tomcat security update
Notes
Topic
Updated tomcat packages that fix multiple security issues are now available
for Red Hat Developer Suite 3.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
A cross-site scripting vulnerability was discovered in the
HttpServletResponse.sendError() method. A remote attacker could inject
arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)
An additional cross-site scripting vulnerability was discovered in the host
manager application. A remote attacker could inject arbitrary web script or
HTML via the hostname parameter. (CVE-2008-1947)
A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)
An additional traversal vulnerability was discovered when the
"allowLinking" and "URIencoding" settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the Tomcat process. (CVE-2008-2938)
Users of tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated tomcat packages that fix multiple security issues are now available\nfor Red Hat Developer Suite 3.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the host\nmanager application. A remote attacker could inject arbitrary web script or\nHTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the Tomcat process. (CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2008:0864", url: "https://access.redhat.com/errata/RHSA-2008:0864", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "http://tomcat.apache.org/security-5.html", url: "http://tomcat.apache.org/security-5.html", }, { category: "external", summary: "446393", url: "https://bugzilla.redhat.com/show_bug.cgi?id=446393", }, { category: "external", summary: "456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0864.json", }, ], title: "Red Hat Security Advisory: tomcat security update", tracking: { current_release_date: "2024-11-22T02:13:34+00:00", generator: { date: "2024-11-22T02:13:34+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2008:0864", initial_release_date: "2008-10-02T14:02:00+00:00", revision_history: [ { date: "2008-10-02T14:02:00+00:00", number: "1", summary: "Initial version", }, { date: "2008-10-02T10:02:59+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T02:13:34+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Developer Suite v.3 (AS v.4)", product: { name: "Red Hat Developer Suite v.3 (AS v.4)", product_id: "4AS-DS3", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_developer_suite:3", }, }, }, ], category: "product_family", name: "Red Hat Developer Suite v.3", }, { branches: [ { category: "product_version", name: "tomcat5-0:5.5.23-0jpp_12rh.src", product: { name: "tomcat5-0:5.5.23-0jpp_12rh.src", product_id: "tomcat5-0:5.5.23-0jpp_12rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_12rh?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "tomcat5-0:5.5.23-0jpp_12rh.noarch", product: { name: "tomcat5-0:5.5.23-0jpp_12rh.noarch", product_id: "tomcat5-0:5.5.23-0jpp_12rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_12rh?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", product: { name: "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", product_id: "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_12rh?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", product: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", product_id: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_12rh?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", product: { name: "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", product_id: "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_12rh?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", product: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", product_id: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_12rh?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", product: { name: "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", product_id: "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_12rh?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", product_id: "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", }, product_reference: "tomcat5-0:5.5.23-0jpp_12rh.noarch", relates_to_product_reference: "4AS-DS3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_12rh.src as a component of Red Hat Developer Suite v.3 (AS v.4)", product_id: "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", }, product_reference: "tomcat5-0:5.5.23-0jpp_12rh.src", relates_to_product_reference: "4AS-DS3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", product_id: "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", relates_to_product_reference: "4AS-DS3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", product_id: "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", relates_to_product_reference: "4AS-DS3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", product_id: "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", relates_to_product_reference: "4AS-DS3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", product_id: "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", relates_to_product_reference: "4AS-DS3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)", product_id: "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", relates_to_product_reference: "4AS-DS3", }, ], }, vulnerabilities: [ { cve: "CVE-2008-1232", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457597", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Cross-Site-Scripting enabled by sendError call", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1232", }, { category: "external", summary: "RHBZ#457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1232", url: "https://www.cve.org/CVERecord?id=CVE-2008-1232", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:02:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0864", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: Cross-Site-Scripting enabled by sendError call", }, { cve: "CVE-2008-1947", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-05-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "446393", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.", title: "Vulnerability description", }, { category: "summary", text: "Tomcat host manager xss - name field", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1947", }, { category: "external", summary: "RHBZ#446393", url: "https://bugzilla.redhat.com/show_bug.cgi?id=446393", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1947", url: "https://www.cve.org/CVERecord?id=CVE-2008-1947", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1947", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1947", }, ], release_date: "2008-06-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:02:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0864", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Tomcat host manager xss - name field", }, { cve: "CVE-2008-2370", discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457934", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", title: "Vulnerability description", }, { category: "summary", text: "tomcat RequestDispatcher information disclosure vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2370", }, { category: "external", summary: "RHBZ#457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2370", url: "https://www.cve.org/CVERecord?id=CVE-2008-2370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:02:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0864", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat RequestDispatcher information disclosure vulnerability", }, { cve: "CVE-2008-2938", discovery_date: "2008-07-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "456120", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.", title: "Vulnerability description", }, { category: "summary", text: "tomcat Unicode directory traversal vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2938", }, { category: "external", summary: "RHBZ#456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2938", url: "https://www.cve.org/CVERecord?id=CVE-2008-2938", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", }, ], release_date: "2008-08-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:02:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src", "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch", "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0864", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat Unicode directory traversal vulnerability", }, ], }
rhsa-2010:0602
Vulnerability from csaf_redhat
Published
2010-08-04 21:30
Modified
2024-12-15 18:14
Summary
Red Hat Security Advisory: Red Hat Certificate System 7.3 security update
Notes
Topic
Updated packages that fix multiple security issues and rebase various
components are now available for Red Hat Certificate System 7.3.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat Certificate System (RHCS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
Multiple buffer overflow flaws were discovered in the way the pcscd daemon,
a resource manager that coordinates communications with smart card readers
and smart cards connected to the system, handled client requests. A local
user could create a specially-crafted request that would cause the pcscd
daemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,
CVE-2009-4901)
This erratum updates the Tomcat component shipped as part of Red Hat
Certificate System to version 5.5.23, to address multiple security issues.
In a typical operating environment, Tomcat is not exposed to users of
Certificate System in a vulnerable manner. These security updates will
reduce risk in unique Certificate System environments. (CVE-2005-2090,
CVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,
CVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,
CVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)
This erratum provides updated versions of the following components,
required by the updated Tomcat version: ant, avalon-logkit, axis,
classpathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,
log4j, mx4j, xerces-j2, and xml-commons.
A number of components have been updated to fix security issues for users
of Red Hat Certificate System for the Solaris operating system. These fixes
are for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,
CVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues
CVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,
CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,
CVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and
CVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116
and CVE-2008-1927.
Note: Updated apr, apr-util, httpd, mod_perl, and perl packages were
previously available to users of Red Hat Certificate System for Red Hat
Enterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat
Network.
Additionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,
rhpki-java-tools, and rhpki-native-tools packages were updated to address
some anomalous behavior on the Solaris operating system. (BZ#600513,
BZ#605760)
As well, this update provides an updated rhpki-manage package, which
includes installation and uninstall scripts for Red Hat Certificate System
that have been updated with the list of packages required by the Tomcat
component, and an updated dependency on the NSS and NSPR packages.
All users of Red Hat Certificate System are advised to upgrade to these
updated packages, which correct these issues. Refer to the Red Hat
Certificate System Administration Guide, linked to in the References, for
details on how to install the updated packages on the Solaris operating
system. After installing this update, all Red Hat Certificate System
subsystems must be restarted ("/etc/init.d/[instance-name] restart") for
the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated packages that fix multiple security issues and rebase various\ncomponents are now available for Red Hat Certificate System 7.3.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", title: "Topic", }, { category: "general", text: "Red Hat Certificate System (RHCS) is an enterprise software system designed\nto manage enterprise Public Key Infrastructure (PKI) deployments.\n\nMultiple buffer overflow flaws were discovered in the way the pcscd daemon,\na resource manager that coordinates communications with smart card readers\nand smart cards connected to the system, handled client requests. A local\nuser could create a specially-crafted request that would cause the pcscd\ndaemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,\nCVE-2009-4901)\n\nThis erratum updates the Tomcat component shipped as part of Red Hat\nCertificate System to version 5.5.23, to address multiple security issues.\nIn a typical operating environment, Tomcat is not exposed to users of\nCertificate System in a vulnerable manner. These security updates will\nreduce risk in unique Certificate System environments. (CVE-2005-2090,\nCVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,\nCVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,\nCVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)\n\nThis erratum provides updated versions of the following components,\nrequired by the updated Tomcat version: ant, avalon-logkit, axis,\nclasspathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,\nlog4j, mx4j, xerces-j2, and xml-commons.\n\nA number of components have been updated to fix security issues for users\nof Red Hat Certificate System for the Solaris operating system. These fixes\nare for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,\nCVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues\nCVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,\nCVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,\nCVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and\nCVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116\nand CVE-2008-1927.\n\nNote: Updated apr, apr-util, httpd, mod_perl, and perl packages were\npreviously available to users of Red Hat Certificate System for Red Hat\nEnterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat\nNetwork.\n\nAdditionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,\nrhpki-java-tools, and rhpki-native-tools packages were updated to address\nsome anomalous behavior on the Solaris operating system. (BZ#600513,\nBZ#605760)\n\nAs well, this update provides an updated rhpki-manage package, which\nincludes installation and uninstall scripts for Red Hat Certificate System\nthat have been updated with the list of packages required by the Tomcat\ncomponent, and an updated dependency on the NSS and NSPR packages.\n\nAll users of Red Hat Certificate System are advised to upgrade to these\nupdated packages, which correct these issues. Refer to the Red Hat\nCertificate System Administration Guide, linked to in the References, for\ndetails on how to install the updated packages on the Solaris operating\nsystem. After installing this update, all Red Hat Certificate System\nsubsystems must be restarted (\"/etc/init.d/[instance-name] restart\") for\nthe update to take effect.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2010:0602", url: "https://access.redhat.com/errata/RHSA-2010:0602", }, { category: "external", summary: "http://www.redhat.com/security/updates/classification/#moderate", url: "http://www.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html", url: "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html", }, { category: "external", summary: "200732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=200732", }, { category: "external", summary: "237079", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237079", }, { category: "external", summary: "237080", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237080", }, { category: "external", summary: "237084", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237084", }, { category: "external", summary: "237085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237085", }, { category: "external", summary: "240423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=240423", }, { category: "external", summary: "244658", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244658", }, { category: "external", summary: "244803", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244803", }, { category: "external", summary: "245111", url: "https://bugzilla.redhat.com/show_bug.cgi?id=245111", }, { category: "external", summary: "245112", url: "https://bugzilla.redhat.com/show_bug.cgi?id=245112", }, { category: "external", summary: "247972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=247972", }, { category: "external", summary: "247976", url: "https://bugzilla.redhat.com/show_bug.cgi?id=247976", }, { category: "external", summary: "250731", url: "https://bugzilla.redhat.com/show_bug.cgi?id=250731", }, { category: "external", summary: "289511", url: "https://bugzilla.redhat.com/show_bug.cgi?id=289511", }, { category: "external", summary: "323571", url: "https://bugzilla.redhat.com/show_bug.cgi?id=323571", }, { category: "external", summary: "333791", url: "https://bugzilla.redhat.com/show_bug.cgi?id=333791", }, { category: "external", summary: "419931", url: "https://bugzilla.redhat.com/show_bug.cgi?id=419931", }, { category: "external", summary: "427228", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427228", }, { category: "external", summary: "427739", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427739", }, { category: "external", summary: "427766", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427766", }, { category: "external", summary: "429821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=429821", }, { category: "external", summary: "443928", url: "https://bugzilla.redhat.com/show_bug.cgi?id=443928", }, { category: "external", summary: "451615", url: "https://bugzilla.redhat.com/show_bug.cgi?id=451615", }, { category: "external", summary: "457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "458250", url: "https://bugzilla.redhat.com/show_bug.cgi?id=458250", }, { category: "external", summary: "493381", url: "https://bugzilla.redhat.com/show_bug.cgi?id=493381", }, { category: "external", summary: "503928", url: "https://bugzilla.redhat.com/show_bug.cgi?id=503928", }, { category: "external", summary: "503978", url: "https://bugzilla.redhat.com/show_bug.cgi?id=503978", }, { category: "external", summary: "504390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504390", }, { category: "external", summary: "504555", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504555", }, { category: "external", summary: "504753", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504753", }, { category: "external", summary: "509125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=509125", }, { category: "external", summary: "515698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=515698", }, { category: "external", summary: "521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "570171", url: "https://bugzilla.redhat.com/show_bug.cgi?id=570171", }, { category: "external", summary: "596426", url: "https://bugzilla.redhat.com/show_bug.cgi?id=596426", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0602.json", }, ], title: "Red Hat Security Advisory: Red Hat Certificate System 7.3 security update", tracking: { current_release_date: "2024-12-15T18:14:44+00:00", generator: { date: "2024-12-15T18:14:44+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2010:0602", initial_release_date: "2010-08-04T21:30:00+00:00", revision_history: [ { date: "2010-08-04T21:30:00+00:00", number: "1", summary: "Initial version", }, { date: "2010-08-05T10:04:51+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-15T18:14:44+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Certificate System 7.3 for 4AS", product: { name: "Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3", product_identification_helper: { cpe: "cpe:/a:redhat:certificate_system:7.3", }, }, }, { category: "product_name", name: "Red Hat Certificate System 7.3 for 4ES", product: { name: "Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3", product_identification_helper: { cpe: "cpe:/a:redhat:certificate_system:7.3", }, }, }, ], category: "product_family", name: "Red Hat Certificate System", }, { branches: [ { category: "product_version", name: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", product: { name: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", product_id: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/xml-commons-apis@1.3.02-2jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "xml-commons-0:1.3.02-2jpp_1rh.noarch", product: { name: "xml-commons-0:1.3.02-2jpp_1rh.noarch", product_id: "xml-commons-0:1.3.02-2jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", product: { name: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", product_id: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "ant-0:1.6.5-1jpp_1rh.noarch", product: { name: "ant-0:1.6.5-1jpp_1rh.noarch", product_id: "ant-0:1.6.5-1jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "avalon-logkit-0:1.2-2jpp_4rh.noarch", product: { name: "avalon-logkit-0:1.2-2jpp_4rh.noarch", product_id: "avalon-logkit-0:1.2-2jpp_4rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=noarch", }, }, }, { category: "product_version", name: "axis-0:1.2.1-1jpp_3rh.noarch", product: { name: "axis-0:1.2.1-1jpp_3rh.noarch", product_id: "axis-0:1.2.1-1jpp_3rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=noarch", }, }, }, { category: "product_version", name: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", product: { name: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", product_id: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=noarch", }, }, }, { category: "product_version", name: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", product: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", product_id: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=noarch", }, }, }, { category: "product_version", name: "log4j-0:1.2.12-1jpp_1rh.noarch", product: { name: "log4j-0:1.2.12-1jpp_1rh.noarch", product_id: "log4j-0:1.2.12-1jpp_1rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=noarch", }, }, }, { category: "product_version", name: "mx4j-1:3.0.1-1jpp_4rh.noarch", product: { name: "mx4j-1:3.0.1-1jpp_4rh.noarch", product_id: "mx4j-1:3.0.1-1jpp_4rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=noarch&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", product: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", product_id: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", product: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", product_id: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_4rh.16?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-manage-0:7.3.0-19.el4.noarch", product: { name: "rhpki-manage-0:7.3.0-19.el4.noarch", product_id: "rhpki-manage-0:7.3.0-19.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-manage@7.3.0-19.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-ca-0:7.3.0-20.el4.noarch", product: { name: "rhpki-ca-0:7.3.0-20.el4.noarch", product_id: "rhpki-ca-0:7.3.0-20.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-ca@7.3.0-20.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-kra-0:7.3.0-14.el4.noarch", product: { name: "rhpki-kra-0:7.3.0-14.el4.noarch", product_id: "rhpki-kra-0:7.3.0-14.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-kra@7.3.0-14.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-tks-0:7.3.0-13.el4.noarch", product: { name: "rhpki-tks-0:7.3.0-13.el4.noarch", product_id: "rhpki-tks-0:7.3.0-13.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-tks@7.3.0-13.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-ocsp-0:7.3.0-13.el4.noarch", product: { name: "rhpki-ocsp-0:7.3.0-13.el4.noarch", product_id: "rhpki-ocsp-0:7.3.0-13.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-ocsp@7.3.0-13.el4?arch=noarch", }, }, }, { category: "product_version", name: "rhpki-java-tools-0:7.3.0-10.el4.noarch", product: { name: "rhpki-java-tools-0:7.3.0-10.el4.noarch", product_id: "rhpki-java-tools-0:7.3.0-10.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-java-tools@7.3.0-10.el4?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-jms-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-jta-1.0.1B-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-j2ee-deployment-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-ejb-2.1-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-servlet-2.4-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-specs-javadoc@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-j2ee-1.4-apis@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-j2ee-connector-1.5-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-jsp-2.0-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, { category: "product_version", name: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product: { name: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product_id: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-j2ee-management-1.0-api@1.0-0.M4.1jpp_10rh?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "xml-commons-0:1.3.02-2jpp_1rh.src", product: { name: "xml-commons-0:1.3.02-2jpp_1rh.src", product_id: "xml-commons-0:1.3.02-2jpp_1rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=src", }, }, }, { category: "product_version", name: "xerces-j2-0:2.7.1-1jpp_1rh.src", product: { name: "xerces-j2-0:2.7.1-1jpp_1rh.src", product_id: "xerces-j2-0:2.7.1-1jpp_1rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=src", }, }, }, { category: "product_version", name: "ant-0:1.6.5-1jpp_1rh.src", product: { name: "ant-0:1.6.5-1jpp_1rh.src", product_id: "ant-0:1.6.5-1jpp_1rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=src", }, }, }, { category: "product_version", name: "avalon-logkit-0:1.2-2jpp_4rh.src", product: { name: "avalon-logkit-0:1.2-2jpp_4rh.src", product_id: "avalon-logkit-0:1.2-2jpp_4rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=src", }, }, }, { category: "product_version", name: "axis-0:1.2.1-1jpp_3rh.src", product: { name: "axis-0:1.2.1-1jpp_3rh.src", product_id: "axis-0:1.2.1-1jpp_3rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=src", }, }, }, { category: "product_version", name: "classpathx-jaf-0:1.0-2jpp_6rh.src", product: { name: "classpathx-jaf-0:1.0-2jpp_6rh.src", product_id: "classpathx-jaf-0:1.0-2jpp_6rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=src", }, }, }, { category: "product_version", name: "classpathx-mail-0:1.1.1-2jpp_8rh.src", product: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.src", product_id: "classpathx-mail-0:1.1.1-2jpp_8rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=src", }, }, }, { category: "product_version", name: "log4j-0:1.2.12-1jpp_1rh.src", product: { name: "log4j-0:1.2.12-1jpp_1rh.src", product_id: "log4j-0:1.2.12-1jpp_1rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=src", }, }, }, { category: "product_version", name: "mx4j-1:3.0.1-1jpp_4rh.src", product: { name: "mx4j-1:3.0.1-1jpp_4rh.src", product_id: "mx4j-1:3.0.1-1jpp_4rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=src&epoch=1", }, }, }, { category: "product_version", name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", product: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", product_id: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=src", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp_4rh.16.src", product: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.src", product_id: "tomcat5-0:5.5.23-0jpp_4rh.16.src", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=src", }, }, }, { category: "product_version", name: "pcsc-lite-0:1.3.3-3.el4.src", product: { name: "pcsc-lite-0:1.3.3-3.el4.src", product_id: "pcsc-lite-0:1.3.3-3.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=src", }, }, }, { category: "product_version", name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", product: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", product_id: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", product_identification_helper: { purl: "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", product: { name: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", product_id: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=x86_64", }, }, }, { category: "product_version", name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", product: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", product_id: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=x86_64", }, }, }, { category: "product_version", name: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", product: { name: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", product_id: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=x86_64", }, }, }, { category: "product_version", name: "pcsc-lite-0:1.3.3-3.el4.x86_64", product: { name: "pcsc-lite-0:1.3.3-3.el4.x86_64", product_id: "pcsc-lite-0:1.3.3-3.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=x86_64", }, }, }, { category: "product_version", name: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", product: { name: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", product_id: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "rhpki-native-tools-0:7.3.0-6.el4.i386", product: { name: "rhpki-native-tools-0:7.3.0-6.el4.i386", product_id: "rhpki-native-tools-0:7.3.0-6.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=i386", }, }, }, { category: "product_version", name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", product: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", product_id: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=i386", }, }, }, { category: "product_version", name: "pcsc-lite-doc-0:1.3.3-3.el4.i386", product: { name: "pcsc-lite-doc-0:1.3.3-3.el4.i386", product_id: "pcsc-lite-doc-0:1.3.3-3.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=i386", }, }, }, { category: "product_version", name: "pcsc-lite-0:1.3.3-3.el4.i386", product: { name: "pcsc-lite-0:1.3.3-3.el4.i386", product_id: "pcsc-lite-0:1.3.3-3.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=i386", }, }, }, { category: "product_version", name: "pcsc-lite-libs-0:1.3.3-3.el4.i386", product: { name: "pcsc-lite-libs-0:1.3.3-3.el4.i386", product_id: "pcsc-lite-libs-0:1.3.3-3.el4.i386", product_identification_helper: { purl: "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=i386", }, }, }, ], category: "architecture", name: "i386", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", }, product_reference: "ant-0:1.6.5-1jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", }, product_reference: "ant-0:1.6.5-1jpp_1rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", }, product_reference: "avalon-logkit-0:1.2-2jpp_4rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", }, product_reference: "avalon-logkit-0:1.2-2jpp_4rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", }, product_reference: "axis-0:1.2.1-1jpp_3rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", }, product_reference: "axis-0:1.2.1-1jpp_3rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", }, product_reference: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", }, product_reference: "classpathx-jaf-0:1.0-2jpp_6rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", }, product_reference: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", }, product_reference: "classpathx-mail-0:1.1.1-2jpp_8rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", }, product_reference: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", }, product_reference: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", }, product_reference: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", }, product_reference: "log4j-0:1.2.12-1jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", }, product_reference: "log4j-0:1.2.12-1jpp_1rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", }, product_reference: "mx4j-1:3.0.1-1jpp_4rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", }, product_reference: "mx4j-1:3.0.1-1jpp_4rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-doc-0:1.3.3-3.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-libs-0:1.3.3-3.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", }, product_reference: "rhpki-ca-0:7.3.0-20.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", }, product_reference: "rhpki-java-tools-0:7.3.0-10.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", }, product_reference: "rhpki-kra-0:7.3.0-14.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", }, product_reference: "rhpki-manage-0:7.3.0-19.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", }, product_reference: "rhpki-native-tools-0:7.3.0-6.el4.i386", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", }, product_reference: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", }, product_reference: "rhpki-ocsp-0:7.3.0-13.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", }, product_reference: "rhpki-tks-0:7.3.0-13.el4.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.16.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", }, product_reference: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", }, product_reference: "xerces-j2-0:2.7.1-1jpp_1rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", }, product_reference: "xml-commons-0:1.3.02-2jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", }, product_reference: "xml-commons-0:1.3.02-2jpp_1rh.src", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS", product_id: "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", }, product_reference: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", relates_to_product_reference: "4AS-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", }, product_reference: "ant-0:1.6.5-1jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", }, product_reference: "ant-0:1.6.5-1jpp_1rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", }, product_reference: "avalon-logkit-0:1.2-2jpp_4rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", }, product_reference: "avalon-logkit-0:1.2-2jpp_4rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", }, product_reference: "axis-0:1.2.1-1jpp_3rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", }, product_reference: "axis-0:1.2.1-1jpp_3rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", }, product_reference: "classpathx-jaf-0:1.0-2jpp_6rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", }, product_reference: "classpathx-jaf-0:1.0-2jpp_6rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", }, product_reference: "classpathx-mail-0:1.1.1-2jpp_8rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", }, product_reference: "classpathx-mail-0:1.1.1-2jpp_8rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", }, product_reference: "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", }, product_reference: "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", }, product_reference: "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", }, product_reference: "jakarta-commons-modeler-0:2.0-3jpp_2rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", }, product_reference: "log4j-0:1.2.12-1jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", }, product_reference: "log4j-0:1.2.12-1jpp_1rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", }, product_reference: "mx4j-1:3.0.1-1jpp_4rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", }, product_reference: "mx4j-1:3.0.1-1jpp_4rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-doc-0:1.3.3-3.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-doc-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", }, product_reference: "pcsc-lite-libs-0:1.3.3-3.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", }, product_reference: "pcsc-lite-libs-0:1.3.3-3.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", }, product_reference: "rhpki-ca-0:7.3.0-20.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", }, product_reference: "rhpki-java-tools-0:7.3.0-10.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", }, product_reference: "rhpki-kra-0:7.3.0-14.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", }, product_reference: "rhpki-manage-0:7.3.0-19.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", }, product_reference: "rhpki-native-tools-0:7.3.0-6.el4.i386", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", }, product_reference: "rhpki-native-tools-0:7.3.0-6.el4.x86_64", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", }, product_reference: "rhpki-ocsp-0:7.3.0-13.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", }, product_reference: "rhpki-tks-0:7.3.0-13.el4.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.16.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", }, product_reference: "xerces-j2-0:2.7.1-1jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", }, product_reference: "xerces-j2-0:2.7.1-1jpp_1rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", }, product_reference: "xml-commons-0:1.3.02-2jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", }, product_reference: "xml-commons-0:1.3.02-2jpp_1rh.src", relates_to_product_reference: "4ES-CERT-7.3", }, { category: "default_component_of", full_product_name: { name: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES", product_id: "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", }, product_reference: "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", relates_to_product_reference: "4ES-CERT-7.3", }, ], }, vulnerabilities: [ { cve: "CVE-2005-2090", discovery_date: "2005-06-06T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "237079", }, ], notes: [ { category: "description", text: "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\"", title: "Vulnerability description", }, { category: "summary", text: "tomcat multiple content-length header poisioning", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2005-2090", }, { category: "external", summary: "RHBZ#237079", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237079", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2005-2090", url: "https://www.cve.org/CVERecord?id=CVE-2005-2090", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2005-2090", url: "https://nvd.nist.gov/vuln/detail/CVE-2005-2090", }, ], release_date: "2005-06-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat multiple content-length header poisioning", }, { cve: "CVE-2005-3510", discovery_date: "2005-11-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "237085", }, ], notes: [ { category: "description", text: "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.", title: "Vulnerability description", }, { category: "summary", text: "tomcat DoS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2005-3510", }, { category: "external", summary: "RHBZ#237085", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237085", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2005-3510", url: "https://www.cve.org/CVERecord?id=CVE-2005-3510", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2005-3510", url: "https://nvd.nist.gov/vuln/detail/CVE-2005-3510", }, ], release_date: "2005-11-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat DoS", }, { cve: "CVE-2006-3835", discovery_date: "2006-07-21T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "237084", }, ], notes: [ { category: "description", text: "Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.", title: "Vulnerability description", }, { category: "summary", text: "tomcat directory listing issue", title: "Vulnerability summary", }, { category: "other", text: "This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled.\n\nDetails on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing", title: "Statement", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2006-3835", }, { category: "external", summary: "RHBZ#237084", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237084", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2006-3835", url: "https://www.cve.org/CVERecord?id=CVE-2006-3835", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2006-3835", url: "https://nvd.nist.gov/vuln/detail/CVE-2006-3835", }, ], release_date: "2006-07-21T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat directory listing issue", }, { cve: "CVE-2006-3918", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2006-07-31T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "200732", }, ], notes: [ { category: "description", text: "http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.", title: "Vulnerability description", }, { category: "summary", text: "httpd: Expect header XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2006-3918", }, { category: "external", summary: "RHBZ#200732", url: "https://bugzilla.redhat.com/show_bug.cgi?id=200732", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2006-3918", url: "https://www.cve.org/CVERecord?id=CVE-2006-3918", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2006-3918", url: "https://nvd.nist.gov/vuln/detail/CVE-2006-3918", }, ], release_date: "2006-05-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: Expect header XSS", }, { cve: "CVE-2006-5752", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-06-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "245112", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform \"charset detection\" when the content-type is not specified.", title: "Vulnerability description", }, { category: "summary", text: "httpd mod_status XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2006-5752", }, { category: "external", summary: "RHBZ#245112", url: "https://bugzilla.redhat.com/show_bug.cgi?id=245112", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2006-5752", url: "https://www.cve.org/CVERecord?id=CVE-2006-5752", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2006-5752", url: "https://nvd.nist.gov/vuln/detail/CVE-2006-5752", }, ], release_date: "2007-06-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd mod_status XSS", }, { cve: "CVE-2007-0450", discovery_date: "2007-03-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "237080", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.", title: "Vulnerability description", }, { category: "summary", text: "tomcat directory traversal", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-0450", }, { category: "external", summary: "RHBZ#237080", url: "https://bugzilla.redhat.com/show_bug.cgi?id=237080", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-0450", url: "https://www.cve.org/CVERecord?id=CVE-2007-0450", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-0450", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-0450", }, ], release_date: "2007-03-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat directory traversal", }, { cve: "CVE-2007-1349", discovery_date: "2007-05-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "240423", }, ], notes: [ { category: "description", text: "PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.", title: "Vulnerability description", }, { category: "summary", text: "mod_perl PerlRun denial of service", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-1349", }, { category: "external", summary: "RHBZ#240423", url: "https://bugzilla.redhat.com/show_bug.cgi?id=240423", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-1349", url: "https://www.cve.org/CVERecord?id=CVE-2007-1349", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-1349", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-1349", }, ], release_date: "2007-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "mod_perl PerlRun denial of service", }, { cve: "CVE-2007-1358", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-04-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "244803", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".", title: "Vulnerability description", }, { category: "summary", text: "tomcat accept-language xss flaw", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-1358", }, { category: "external", summary: "RHBZ#244803", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244803", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-1358", url: "https://www.cve.org/CVERecord?id=CVE-2007-1358", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-1358", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-1358", }, ], release_date: "2007-06-06T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat accept-language xss flaw", }, { cve: "CVE-2007-1863", discovery_date: "2007-05-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "244658", }, ], notes: [ { category: "description", text: "cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.", title: "Vulnerability description", }, { category: "summary", text: "httpd mod_cache segfault", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-1863", }, { category: "external", summary: "RHBZ#244658", url: "https://bugzilla.redhat.com/show_bug.cgi?id=244658", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-1863", url: "https://www.cve.org/CVERecord?id=CVE-2007-1863", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-1863", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-1863", }, ], release_date: "2007-05-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd mod_cache segfault", }, { cve: "CVE-2007-3304", discovery_date: "2007-06-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "245111", }, ], notes: [ { category: "description", text: "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"", title: "Vulnerability description", }, { category: "summary", text: "httpd scoreboard lack of PID protection", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-3304", }, { category: "external", summary: "RHBZ#245111", url: "https://bugzilla.redhat.com/show_bug.cgi?id=245111", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-3304", url: "https://www.cve.org/CVERecord?id=CVE-2007-3304", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-3304", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-3304", }, ], release_date: "2007-06-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd scoreboard lack of PID protection", }, { cve: "CVE-2007-3382", discovery_date: "2007-07-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "247972", }, ], notes: [ { category: "description", text: "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (\"'\") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.", title: "Vulnerability description", }, { category: "summary", text: "tomcat handling of cookies", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-3382", }, { category: "external", summary: "RHBZ#247972", url: "https://bugzilla.redhat.com/show_bug.cgi?id=247972", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-3382", url: "https://www.cve.org/CVERecord?id=CVE-2007-3382", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-3382", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-3382", }, ], release_date: "2007-08-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat handling of cookies", }, { cve: "CVE-2007-3385", discovery_date: "2007-07-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "247976", }, ], notes: [ { category: "description", text: "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \\\" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.", title: "Vulnerability description", }, { category: "summary", text: "tomcat handling of cookie values", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-3385", }, { category: "external", summary: "RHBZ#247976", url: "https://bugzilla.redhat.com/show_bug.cgi?id=247976", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-3385", url: "https://www.cve.org/CVERecord?id=CVE-2007-3385", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-3385", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-3385", }, ], release_date: "2007-08-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat handling of cookie values", }, { cve: "CVE-2007-3847", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2007-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "250731", }, ], notes: [ { category: "description", text: "The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.", title: "Vulnerability description", }, { category: "summary", text: "httpd: out of bounds read", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-3847", }, { category: "external", summary: "RHBZ#250731", url: "https://bugzilla.redhat.com/show_bug.cgi?id=250731", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-3847", url: "https://www.cve.org/CVERecord?id=CVE-2007-3847", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-3847", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-3847", }, ], release_date: "2007-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: out of bounds read", }, { cve: "CVE-2007-4465", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-09-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "289511", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.", title: "Vulnerability description", }, { category: "summary", text: "mod_autoindex XSS", title: "Vulnerability summary", }, { category: "other", text: "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \"AddDefaultCharset\" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", title: "Statement", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-4465", }, { category: "external", summary: "RHBZ#289511", url: "https://bugzilla.redhat.com/show_bug.cgi?id=289511", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-4465", url: "https://www.cve.org/CVERecord?id=CVE-2007-4465", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-4465", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-4465", }, ], release_date: "2007-09-13T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mod_autoindex XSS", }, { cve: "CVE-2007-5000", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2007-12-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "419931", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_imagemap XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5000", }, { category: "external", summary: "RHBZ#419931", url: "https://bugzilla.redhat.com/show_bug.cgi?id=419931", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5000", url: "https://www.cve.org/CVERecord?id=CVE-2007-5000", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5000", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5000", }, ], release_date: "2007-12-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_imagemap XSS", }, { acknowledgments: [ { names: [ "Tavis Ormandy", "Will Drewry", ], }, ], cve: "CVE-2007-5116", discovery_date: "2007-09-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "323571", }, ], notes: [ { category: "description", text: "Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.", title: "Vulnerability description", }, { category: "summary", text: "perl regular expression UTF parsing errors", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5116", }, { category: "external", summary: "RHBZ#323571", url: "https://bugzilla.redhat.com/show_bug.cgi?id=323571", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5116", url: "https://www.cve.org/CVERecord?id=CVE-2007-5116", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5116", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5116", }, ], release_date: "2007-11-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "perl regular expression UTF parsing errors", }, { cve: "CVE-2007-5333", discovery_date: "2008-01-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "427766", }, ], notes: [ { category: "description", text: "Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.", title: "Vulnerability description", }, { category: "summary", text: "Improve cookie parsing for tomcat5", title: "Vulnerability summary", }, { category: "other", text: "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", title: "Statement", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5333", }, { category: "external", summary: "RHBZ#427766", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427766", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5333", url: "https://www.cve.org/CVERecord?id=CVE-2007-5333", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5333", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5333", }, ], release_date: "2008-02-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Improve cookie parsing for tomcat5", }, { cve: "CVE-2007-5461", discovery_date: "2007-10-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "333791", }, ], notes: [ { category: "description", text: "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.", title: "Vulnerability description", }, { category: "summary", text: "Absolute path traversal Apache Tomcat WEBDAV", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5461", }, { category: "external", summary: "RHBZ#333791", url: "https://bugzilla.redhat.com/show_bug.cgi?id=333791", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5461", url: "https://www.cve.org/CVERecord?id=CVE-2007-5461", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", }, ], release_date: "2007-10-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Absolute path traversal Apache Tomcat WEBDAV", }, { cve: "CVE-2007-6388", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "427228", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", title: "Vulnerability description", }, { category: "summary", text: "apache mod_status cross-site scripting", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-6388", }, { category: "external", summary: "RHBZ#427228", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427228", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-6388", url: "https://www.cve.org/CVERecord?id=CVE-2007-6388", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-6388", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-6388", }, ], release_date: "2007-12-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apache mod_status cross-site scripting", }, { cve: "CVE-2008-0005", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-01-02T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "427739", }, ], notes: [ { category: "description", text: "mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.", title: "Vulnerability description", }, { category: "summary", text: "mod_proxy_ftp XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-0005", }, { category: "external", summary: "RHBZ#427739", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427739", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-0005", url: "https://www.cve.org/CVERecord?id=CVE-2008-0005", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-0005", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-0005", }, ], release_date: "2008-01-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mod_proxy_ftp XSS", }, { cve: "CVE-2008-0128", discovery_date: "2008-01-23T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "429821", }, ], notes: [ { category: "description", text: "The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.", title: "Vulnerability description", }, { category: "summary", text: "tomcat5 SSO cookie login information disclosure", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-0128", }, { category: "external", summary: "RHBZ#429821", url: "https://bugzilla.redhat.com/show_bug.cgi?id=429821", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-0128", url: "https://www.cve.org/CVERecord?id=CVE-2008-0128", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-0128", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-0128", }, ], release_date: "2006-12-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat5 SSO cookie login information disclosure", }, { cve: "CVE-2008-1232", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457597", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Cross-Site-Scripting enabled by sendError call", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1232", }, { category: "external", summary: "RHBZ#457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1232", url: "https://www.cve.org/CVERecord?id=CVE-2008-1232", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: Cross-Site-Scripting enabled by sendError call", }, { cve: "CVE-2008-1927", discovery_date: "2008-04-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "443928", }, ], notes: [ { category: "description", text: "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.", title: "Vulnerability description", }, { category: "summary", text: "perl: heap corruption by regular expressions with utf8 characters", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1927", }, { category: "external", summary: "RHBZ#443928", url: "https://bugzilla.redhat.com/show_bug.cgi?id=443928", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1927", url: "https://www.cve.org/CVERecord?id=CVE-2008-1927", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1927", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1927", }, ], release_date: "2007-12-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "perl: heap corruption by regular expressions with utf8 characters", }, { cve: "CVE-2008-2364", discovery_date: "2008-05-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "451615", }, ], notes: [ { category: "description", text: "The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_http DoS via excessive interim responses from the origin server", title: "Vulnerability summary", }, { category: "other", text: "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2364\n\nThe Red Hat Product Security has rated this issue as having moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/", title: "Statement", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2364", }, { category: "external", summary: "RHBZ#451615", url: "https://bugzilla.redhat.com/show_bug.cgi?id=451615", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2364", url: "https://www.cve.org/CVERecord?id=CVE-2008-2364", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2364", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2364", }, ], release_date: "2008-06-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: mod_proxy_http DoS via excessive interim responses from the origin server", }, { cve: "CVE-2008-2370", discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457934", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", title: "Vulnerability description", }, { category: "summary", text: "tomcat RequestDispatcher information disclosure vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2370", }, { category: "external", summary: "RHBZ#457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2370", url: "https://www.cve.org/CVERecord?id=CVE-2008-2370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat RequestDispatcher information disclosure vulnerability", }, { cve: "CVE-2008-2939", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-08-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "458250", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_ftp globbing XSS", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2939", }, { category: "external", summary: "RHBZ#458250", url: "https://bugzilla.redhat.com/show_bug.cgi?id=458250", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2939", url: "https://www.cve.org/CVERecord?id=CVE-2008-2939", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2939", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2939", }, ], release_date: "2008-08-05T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_proxy_ftp globbing XSS", }, { cve: "CVE-2008-5515", discovery_date: "2009-06-08T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "504753", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.", title: "Vulnerability description", }, { category: "summary", text: "tomcat request dispatcher information disclosure vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-5515", }, { category: "external", summary: "RHBZ#504753", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504753", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-5515", url: "https://www.cve.org/CVERecord?id=CVE-2008-5515", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-5515", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-5515", }, ], release_date: "2009-06-08T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat request dispatcher information disclosure vulnerability", }, { cve: "CVE-2009-0023", discovery_date: "2009-06-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "503928", }, ], notes: [ { category: "description", text: "The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.", title: "Vulnerability description", }, { category: "summary", text: "apr-util heap buffer underwrite", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-0023", }, { category: "external", summary: "RHBZ#503928", url: "https://bugzilla.redhat.com/show_bug.cgi?id=503928", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-0023", url: "https://www.cve.org/CVERecord?id=CVE-2009-0023", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-0023", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-0023", }, ], release_date: "2009-06-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr-util heap buffer underwrite", }, { cve: "CVE-2009-0033", discovery_date: "2009-01-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "493381", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.", title: "Vulnerability description", }, { category: "summary", text: "tomcat6 Denial-Of-Service with AJP connection", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-0033", }, { category: "external", summary: "RHBZ#493381", url: "https://bugzilla.redhat.com/show_bug.cgi?id=493381", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-0033", url: "https://www.cve.org/CVERecord?id=CVE-2009-0033", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-0033", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-0033", }, ], release_date: "2009-06-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat6 Denial-Of-Service with AJP connection", }, { cve: "CVE-2009-0580", discovery_date: "2009-06-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "503978", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.", title: "Vulnerability description", }, { category: "summary", text: "tomcat6 Information disclosure in authentication classes", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-0580", }, { category: "external", summary: "RHBZ#503978", url: "https://bugzilla.redhat.com/show_bug.cgi?id=503978", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-0580", url: "https://www.cve.org/CVERecord?id=CVE-2009-0580", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-0580", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-0580", }, ], release_date: "2009-06-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat6 Information disclosure in authentication classes", }, { cve: "CVE-2009-1891", discovery_date: "2009-06-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "509125", }, ], notes: [ { category: "description", text: "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).", title: "Vulnerability description", }, { category: "summary", text: "httpd: possible temporary DoS (CPU consumption) in mod_deflate", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-1891", }, { category: "external", summary: "RHBZ#509125", url: "https://bugzilla.redhat.com/show_bug.cgi?id=509125", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-1891", url: "https://www.cve.org/CVERecord?id=CVE-2009-1891", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-1891", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-1891", }, ], release_date: "2009-06-26T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: possible temporary DoS (CPU consumption) in mod_deflate", }, { cve: "CVE-2009-1955", discovery_date: "2009-06-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "504555", }, ], notes: [ { category: "description", text: "The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.", title: "Vulnerability description", }, { category: "summary", text: "apr-util billion laughs attack", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-1955", }, { category: "external", summary: "RHBZ#504555", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504555", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-1955", url: "https://www.cve.org/CVERecord?id=CVE-2009-1955", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-1955", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-1955", }, ], release_date: "2009-06-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr-util billion laughs attack", }, { cve: "CVE-2009-1956", discovery_date: "2009-06-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "504390", }, ], notes: [ { category: "description", text: "Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.", title: "Vulnerability description", }, { category: "summary", text: "apr-util single NULL byte buffer overflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-1956", }, { category: "external", summary: "RHBZ#504390", url: "https://bugzilla.redhat.com/show_bug.cgi?id=504390", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-1956", url: "https://www.cve.org/CVERecord?id=CVE-2009-1956", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-1956", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-1956", }, ], release_date: "2009-04-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr-util single NULL byte buffer overflow", }, { cve: "CVE-2009-2412", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2009-07-30T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "515698", }, ], notes: [ { category: "description", text: "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.", title: "Vulnerability description", }, { category: "summary", text: "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-2412", }, { category: "external", summary: "RHBZ#515698", url: "https://bugzilla.redhat.com/show_bug.cgi?id=515698", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-2412", url: "https://www.cve.org/CVERecord?id=CVE-2009-2412", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-2412", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-2412", }, ], release_date: "2009-08-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management", }, { cve: "CVE-2009-3094", discovery_date: "2009-09-04T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "521619", }, ], notes: [ { category: "description", text: "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.", title: "Vulnerability description", }, { category: "summary", text: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3094", }, { category: "external", summary: "RHBZ#521619", url: "https://bugzilla.redhat.com/show_bug.cgi?id=521619", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3094", url: "https://www.cve.org/CVERecord?id=CVE-2009-3094", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3094", }, ], release_date: "2009-09-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:N/I:N/A:P", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply", }, { cve: "CVE-2009-3095", discovery_date: "2009-09-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "522209", }, ], notes: [ { category: "description", text: "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-3095", }, { category: "external", summary: "RHBZ#522209", url: "https://bugzilla.redhat.com/show_bug.cgi?id=522209", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-3095", url: "https://www.cve.org/CVERecord?id=CVE-2009-3095", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-3095", }, ], release_date: "2009-09-03T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header", }, { cve: "CVE-2009-4901", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, discovery_date: "2010-05-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "596426", }, ], notes: [ { category: "description", text: "The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.", title: "Vulnerability description", }, { category: "summary", text: "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2009-4901", }, { category: "external", summary: "RHBZ#596426", url: "https://bugzilla.redhat.com/show_bug.cgi?id=596426", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2009-4901", url: "https://www.cve.org/CVERecord?id=CVE-2009-4901", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2009-4901", url: "https://nvd.nist.gov/vuln/detail/CVE-2009-4901", }, ], release_date: "2010-06-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages", }, { cve: "CVE-2010-0407", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, discovery_date: "2010-05-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "596426", }, ], notes: [ { category: "description", text: "Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.", title: "Vulnerability description", }, { category: "summary", text: "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2010-0407", }, { category: "external", summary: "RHBZ#596426", url: "https://bugzilla.redhat.com/show_bug.cgi?id=596426", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2010-0407", url: "https://www.cve.org/CVERecord?id=CVE-2010-0407", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2010-0407", url: "https://nvd.nist.gov/vuln/detail/CVE-2010-0407", }, ], release_date: "2010-06-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.2, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages", }, { cve: "CVE-2010-0434", discovery_date: "2010-03-03T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "570171", }, ], notes: [ { category: "description", text: "The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.", title: "Vulnerability description", }, { category: "summary", text: "httpd: request header information leak", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2010-0434", }, { category: "external", summary: "RHBZ#570171", url: "https://bugzilla.redhat.com/show_bug.cgi?id=570171", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2010-0434", url: "https://www.cve.org/CVERecord?id=CVE-2010-0434", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2010-0434", url: "https://nvd.nist.gov/vuln/detail/CVE-2010-0434", }, ], release_date: "2009-12-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2010-08-04T21:30:00+00:00", details: "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", product_ids: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2010:0602", }, ], scores: [ { cvss_v2: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N", version: "2.0", }, products: [ "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch", "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch", "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch", "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch", "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch", "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src", "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src", "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch", "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch", "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch", "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src", "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386", "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64", "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch", "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch", "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch", "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386", "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64", "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch", "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch", "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src", "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "httpd: request header information leak", }, ], }
rhsa-2008:1007
Vulnerability from csaf_redhat
Published
2008-12-08 09:02
Modified
2024-11-22 02:13
Summary
Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server
Notes
Topic
Updated tomcat packages that fix multiple security issues are now available
for Red Hat Network Satellite Server.
This update has been rated as having low security impact by the Red
Hat Security Response Team.
Details
This update corrects several security vulnerabilities in the Tomcat
component shipped as part of Red Hat Network Satellite Server. In a
typical operating environment, Tomcat is not exposed to users
of Satellite Server in a vulnerable manner. These security updates will
reduce risk in unique Satellite Server environments.
Multiple flaws were fixed in the Apache Tomcat package. (CVE-2008-1232,
CVE-2008-1947, CVE-2008-2370, CVE-2008-2938, CVE-2008-3271)
Users of Red Hat Network Satellite Server 5.0 or 5.1 are advised to update
to these Tomcat packages which resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Low", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated tomcat packages that fix multiple security issues are now available\nfor Red Hat Network Satellite Server.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "This update corrects several security vulnerabilities in the Tomcat\ncomponent shipped as part of Red Hat Network Satellite Server. In a\ntypical operating environment, Tomcat is not exposed to users\nof Satellite Server in a vulnerable manner. These security updates will\nreduce risk in unique Satellite Server environments.\n\nMultiple flaws were fixed in the Apache Tomcat package. (CVE-2008-1232,\nCVE-2008-1947, CVE-2008-2370, CVE-2008-2938, CVE-2008-3271)\n\nUsers of Red Hat Network Satellite Server 5.0 or 5.1 are advised to update\nto these Tomcat packages which resolve these issues.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2008:1007", url: "https://access.redhat.com/errata/RHSA-2008:1007", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#low", url: "https://access.redhat.com/security/updates/classification/#low", }, { category: "external", summary: "http://tomcat.apache.org/security-5.html", url: "http://tomcat.apache.org/security-5.html", }, { category: "external", summary: "446393", url: "https://bugzilla.redhat.com/show_bug.cgi?id=446393", }, { category: "external", summary: "456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "466875", url: "https://bugzilla.redhat.com/show_bug.cgi?id=466875", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_1007.json", }, ], title: "Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server", tracking: { current_release_date: "2024-11-22T02:13:43+00:00", generator: { date: "2024-11-22T02:13:43+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2008:1007", initial_release_date: "2008-12-08T09:02:00+00:00", revision_history: [ { date: "2008-12-08T09:02:00+00:00", number: "1", summary: "Initial version", }, { date: "2008-12-08T04:02:54+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T02:13:43+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Satellite 5.1 (RHEL v.4 AS)", product: { name: "Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1", product_identification_helper: { cpe: "cpe:/a:redhat:network_satellite:5.1::el4", }, }, }, { category: "product_name", name: "Red Hat Satellite 5.0 (RHEL v.4 AS)", product: { name: "Red Hat Satellite 5.0 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5", product_identification_helper: { cpe: "cpe:/a:redhat:network_satellite:5.0:el4", }, }, }, ], category: "product_family", name: "Red Hat Satellite", }, { branches: [ { category: "product_version", name: "tomcat5-0:5.0.30-0jpp_12rh.noarch", product: { name: "tomcat5-0:5.0.30-0jpp_12rh.noarch", product_id: "tomcat5-0:5.0.30-0jpp_12rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.0.30-0jpp_12rh?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.0.30-0jpp_12rh.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", }, product_reference: "tomcat5-0:5.0.30-0jpp_12rh.noarch", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.0.30-0jpp_12rh.noarch as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", }, product_reference: "tomcat5-0:5.0.30-0jpp_12rh.noarch", relates_to_product_reference: "4AS-RHNSAT5", }, ], }, vulnerabilities: [ { cve: "CVE-2008-1232", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457597", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Cross-Site-Scripting enabled by sendError call", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1232", }, { category: "external", summary: "RHBZ#457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1232", url: "https://www.cve.org/CVERecord?id=CVE-2008-1232", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-12-08T09:02:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:1007", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: Cross-Site-Scripting enabled by sendError call", }, { cve: "CVE-2008-1947", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-05-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "446393", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.", title: "Vulnerability description", }, { category: "summary", text: "Tomcat host manager xss - name field", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1947", }, { category: "external", summary: "RHBZ#446393", url: "https://bugzilla.redhat.com/show_bug.cgi?id=446393", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1947", url: "https://www.cve.org/CVERecord?id=CVE-2008-1947", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1947", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1947", }, ], release_date: "2008-06-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-12-08T09:02:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:1007", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Tomcat host manager xss - name field", }, { cve: "CVE-2008-2370", discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457934", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", title: "Vulnerability description", }, { category: "summary", text: "tomcat RequestDispatcher information disclosure vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2370", }, { category: "external", summary: "RHBZ#457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2370", url: "https://www.cve.org/CVERecord?id=CVE-2008-2370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-12-08T09:02:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:1007", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat RequestDispatcher information disclosure vulnerability", }, { cve: "CVE-2008-2938", discovery_date: "2008-07-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "456120", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.", title: "Vulnerability description", }, { category: "summary", text: "tomcat Unicode directory traversal vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2938", }, { category: "external", summary: "RHBZ#456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2938", url: "https://www.cve.org/CVERecord?id=CVE-2008-2938", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", }, ], release_date: "2008-08-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-12-08T09:02:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:1007", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat Unicode directory traversal vulnerability", }, { cve: "CVE-2008-3271", discovery_date: "2008-10-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "466875", }, ], notes: [ { category: "description", text: "Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a \"synchronization problem\" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.", title: "Vulnerability description", }, { category: "summary", text: "tomcat RemoteFilterValve Information disclosure", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-3271", }, { category: "external", summary: "RHBZ#466875", url: "https://bugzilla.redhat.com/show_bug.cgi?id=466875", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-3271", url: "https://www.cve.org/CVERecord?id=CVE-2008-3271", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-3271", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-3271", }, ], release_date: "2008-10-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-12-08T09:02:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:1007", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat RemoteFilterValve Information disclosure", }, ], }
rhsa-2008_1007
Vulnerability from csaf_redhat
Published
2008-12-08 09:02
Modified
2024-11-22 02:13
Summary
Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server
Notes
Topic
Updated tomcat packages that fix multiple security issues are now available
for Red Hat Network Satellite Server.
This update has been rated as having low security impact by the Red
Hat Security Response Team.
Details
This update corrects several security vulnerabilities in the Tomcat
component shipped as part of Red Hat Network Satellite Server. In a
typical operating environment, Tomcat is not exposed to users
of Satellite Server in a vulnerable manner. These security updates will
reduce risk in unique Satellite Server environments.
Multiple flaws were fixed in the Apache Tomcat package. (CVE-2008-1232,
CVE-2008-1947, CVE-2008-2370, CVE-2008-2938, CVE-2008-3271)
Users of Red Hat Network Satellite Server 5.0 or 5.1 are advised to update
to these Tomcat packages which resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Low", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated tomcat packages that fix multiple security issues are now available\nfor Red Hat Network Satellite Server.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "This update corrects several security vulnerabilities in the Tomcat\ncomponent shipped as part of Red Hat Network Satellite Server. In a\ntypical operating environment, Tomcat is not exposed to users\nof Satellite Server in a vulnerable manner. These security updates will\nreduce risk in unique Satellite Server environments.\n\nMultiple flaws were fixed in the Apache Tomcat package. (CVE-2008-1232,\nCVE-2008-1947, CVE-2008-2370, CVE-2008-2938, CVE-2008-3271)\n\nUsers of Red Hat Network Satellite Server 5.0 or 5.1 are advised to update\nto these Tomcat packages which resolve these issues.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2008:1007", url: "https://access.redhat.com/errata/RHSA-2008:1007", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#low", url: "https://access.redhat.com/security/updates/classification/#low", }, { category: "external", summary: "http://tomcat.apache.org/security-5.html", url: "http://tomcat.apache.org/security-5.html", }, { category: "external", summary: "446393", url: "https://bugzilla.redhat.com/show_bug.cgi?id=446393", }, { category: "external", summary: "456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "466875", url: "https://bugzilla.redhat.com/show_bug.cgi?id=466875", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_1007.json", }, ], title: "Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server", tracking: { current_release_date: "2024-11-22T02:13:43+00:00", generator: { date: "2024-11-22T02:13:43+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2008:1007", initial_release_date: "2008-12-08T09:02:00+00:00", revision_history: [ { date: "2008-12-08T09:02:00+00:00", number: "1", summary: "Initial version", }, { date: "2008-12-08T04:02:54+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T02:13:43+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Satellite 5.1 (RHEL v.4 AS)", product: { name: "Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1", product_identification_helper: { cpe: "cpe:/a:redhat:network_satellite:5.1::el4", }, }, }, { category: "product_name", name: "Red Hat Satellite 5.0 (RHEL v.4 AS)", product: { name: "Red Hat Satellite 5.0 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5", product_identification_helper: { cpe: "cpe:/a:redhat:network_satellite:5.0:el4", }, }, }, ], category: "product_family", name: "Red Hat Satellite", }, { branches: [ { category: "product_version", name: "tomcat5-0:5.0.30-0jpp_12rh.noarch", product: { name: "tomcat5-0:5.0.30-0jpp_12rh.noarch", product_id: "tomcat5-0:5.0.30-0jpp_12rh.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.0.30-0jpp_12rh?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.0.30-0jpp_12rh.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", }, product_reference: "tomcat5-0:5.0.30-0jpp_12rh.noarch", relates_to_product_reference: "4AS-RHNSAT5.1", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.0.30-0jpp_12rh.noarch as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)", product_id: "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", }, product_reference: "tomcat5-0:5.0.30-0jpp_12rh.noarch", relates_to_product_reference: "4AS-RHNSAT5", }, ], }, vulnerabilities: [ { cve: "CVE-2008-1232", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457597", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Cross-Site-Scripting enabled by sendError call", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1232", }, { category: "external", summary: "RHBZ#457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1232", url: "https://www.cve.org/CVERecord?id=CVE-2008-1232", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-12-08T09:02:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:1007", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: Cross-Site-Scripting enabled by sendError call", }, { cve: "CVE-2008-1947", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-05-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "446393", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.", title: "Vulnerability description", }, { category: "summary", text: "Tomcat host manager xss - name field", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1947", }, { category: "external", summary: "RHBZ#446393", url: "https://bugzilla.redhat.com/show_bug.cgi?id=446393", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1947", url: "https://www.cve.org/CVERecord?id=CVE-2008-1947", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1947", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1947", }, ], release_date: "2008-06-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-12-08T09:02:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:1007", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Tomcat host manager xss - name field", }, { cve: "CVE-2008-2370", discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457934", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", title: "Vulnerability description", }, { category: "summary", text: "tomcat RequestDispatcher information disclosure vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2370", }, { category: "external", summary: "RHBZ#457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2370", url: "https://www.cve.org/CVERecord?id=CVE-2008-2370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-12-08T09:02:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:1007", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat RequestDispatcher information disclosure vulnerability", }, { cve: "CVE-2008-2938", discovery_date: "2008-07-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "456120", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.", title: "Vulnerability description", }, { category: "summary", text: "tomcat Unicode directory traversal vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2938", }, { category: "external", summary: "RHBZ#456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2938", url: "https://www.cve.org/CVERecord?id=CVE-2008-2938", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", }, ], release_date: "2008-08-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-12-08T09:02:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:1007", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat Unicode directory traversal vulnerability", }, { cve: "CVE-2008-3271", discovery_date: "2008-10-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "466875", }, ], notes: [ { category: "description", text: "Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a \"synchronization problem\" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.", title: "Vulnerability description", }, { category: "summary", text: "tomcat RemoteFilterValve Information disclosure", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-3271", }, { category: "external", summary: "RHBZ#466875", url: "https://bugzilla.redhat.com/show_bug.cgi?id=466875", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-3271", url: "https://www.cve.org/CVERecord?id=CVE-2008-3271", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-3271", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-3271", }, ], release_date: "2008-10-09T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-12-08T09:02:00+00:00", details: "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html", product_ids: [ "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch", "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:1007", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat RemoteFilterValve Information disclosure", }, ], }
rhsa-2008_0862
Vulnerability from csaf_redhat
Published
2008-10-02 14:03
Modified
2024-11-22 02:13
Summary
Red Hat Security Advisory: tomcat security update
Notes
Topic
Updated tomcat packages that fix several security issues are now available
for Red Hat Application Server v2.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
The default security policy in the JULI logging component did not restrict
access permissions to files. This could be misused by untrusted web
applications to access and write arbitrary files in the context of the
Tomcat process. (CVE-2007-5342)
A directory traversal vulnerability was discovered in the Apache Tomcat
webdav servlet. Under certain configurations, this allowed remote,
authenticated users to read files accessible to the local Tomcat process.
(CVE-2007-5461)
A cross-site scripting vulnerability was discovered in the
HttpServletResponse.sendError() method. A remote attacker could inject
arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)
An additional cross-site scripting vulnerability was discovered in the host
manager application. A remote attacker could inject arbitrary web script or
HTML via the hostname parameter. (CVE-2008-1947)
A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)
An additional traversal vulnerability was discovered when the
"allowLinking" and "URIencoding" settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the Tomcat process. (CVE-2008-2938)
Users of tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Updated tomcat packages that fix several security issues are now available\nfor Red Hat Application Server v2.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nThe default security policy in the JULI logging component did not restrict\naccess permissions to files. This could be misused by untrusted web\napplications to access and write arbitrary files in the context of the\nTomcat process. (CVE-2007-5342)\n\nA directory traversal vulnerability was discovered in the Apache Tomcat\nwebdav servlet. Under certain configurations, this allowed remote,\nauthenticated users to read files accessible to the local Tomcat process.\n(CVE-2007-5461)\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the host\nmanager application. A remote attacker could inject arbitrary web script or\nHTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the Tomcat process. (CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2008:0862", url: "https://access.redhat.com/errata/RHSA-2008:0862", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "http://tomcat.apache.org/security-5.html", url: "http://tomcat.apache.org/security-5.html", }, { category: "external", summary: "333791", url: "https://bugzilla.redhat.com/show_bug.cgi?id=333791", }, { category: "external", summary: "427216", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427216", }, { category: "external", summary: "446393", url: "https://bugzilla.redhat.com/show_bug.cgi?id=446393", }, { category: "external", summary: "456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0862.json", }, ], title: "Red Hat Security Advisory: tomcat security update", tracking: { current_release_date: "2024-11-22T02:13:30+00:00", generator: { date: "2024-11-22T02:13:30+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2008:0862", initial_release_date: "2008-10-02T14:03:00+00:00", revision_history: [ { date: "2008-10-02T14:03:00+00:00", number: "1", summary: "Initial version", }, { date: "2008-10-02T10:03:32+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T02:13:30+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Application Server v2 4AS", product: { name: "Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_application_server:2", }, }, }, { category: "product_name", name: "Red Hat Application Server v2 4ES", product: { name: "Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_application_server:2", }, }, }, { category: "product_name", name: "Red Hat Application Server v2 4WS", product: { name: "Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_application_server:2", }, }, }, ], category: "product_family", name: "Red Hat Application Server", }, { branches: [ { category: "product_version", name: "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, { category: "product_version", name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", product: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", product_id: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_4rh.9?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "tomcat5-0:5.5.23-0jpp_4rh.9.src", product: { name: "tomcat5-0:5.5.23-0jpp_4rh.9.src", product_id: "tomcat5-0:5.5.23-0jpp_4rh.9.src", product_identification_helper: { purl: "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.9?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.9.src as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.9.src", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS", product_id: "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4AS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.9.src as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.9.src", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES", product_id: "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4ES-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-0:5.5.23-0jpp_4rh.9.src as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", }, product_reference: "tomcat5-0:5.5.23-0jpp_4rh.9.src", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, { category: "default_component_of", full_product_name: { name: "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS", product_id: "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", }, product_reference: "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", relates_to_product_reference: "4WS-RHAPS2", }, ], }, vulnerabilities: [ { cve: "CVE-2007-5342", discovery_date: "2007-10-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "427216", }, ], notes: [ { category: "description", text: "The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.", title: "Vulnerability description", }, { category: "summary", text: "Apache Tomcat's default security policy is too open", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5342", }, { category: "external", summary: "RHBZ#427216", url: "https://bugzilla.redhat.com/show_bug.cgi?id=427216", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5342", url: "https://www.cve.org/CVERecord?id=CVE-2007-5342", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5342", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5342", }, ], release_date: "2007-12-23T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:03:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0862", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Apache Tomcat's default security policy is too open", }, { cve: "CVE-2007-5461", discovery_date: "2007-10-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "333791", }, ], notes: [ { category: "description", text: "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.", title: "Vulnerability description", }, { category: "summary", text: "Absolute path traversal Apache Tomcat WEBDAV", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2007-5461", }, { category: "external", summary: "RHBZ#333791", url: "https://bugzilla.redhat.com/show_bug.cgi?id=333791", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2007-5461", url: "https://www.cve.org/CVERecord?id=CVE-2007-5461", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", url: "https://nvd.nist.gov/vuln/detail/CVE-2007-5461", }, ], release_date: "2007-10-14T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:03:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0862", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "Absolute path traversal Apache Tomcat WEBDAV", }, { cve: "CVE-2008-1232", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457597", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Cross-Site-Scripting enabled by sendError call", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1232", }, { category: "external", summary: "RHBZ#457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1232", url: "https://www.cve.org/CVERecord?id=CVE-2008-1232", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:03:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0862", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: Cross-Site-Scripting enabled by sendError call", }, { cve: "CVE-2008-1947", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-05-14T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "446393", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.", title: "Vulnerability description", }, { category: "summary", text: "Tomcat host manager xss - name field", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1947", }, { category: "external", summary: "RHBZ#446393", url: "https://bugzilla.redhat.com/show_bug.cgi?id=446393", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1947", url: "https://www.cve.org/CVERecord?id=CVE-2008-1947", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1947", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1947", }, ], release_date: "2008-06-02T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:03:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0862", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "Tomcat host manager xss - name field", }, { cve: "CVE-2008-2370", discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457934", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", title: "Vulnerability description", }, { category: "summary", text: "tomcat RequestDispatcher information disclosure vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2370", }, { category: "external", summary: "RHBZ#457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2370", url: "https://www.cve.org/CVERecord?id=CVE-2008-2370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:03:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0862", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat RequestDispatcher information disclosure vulnerability", }, { cve: "CVE-2008-2938", discovery_date: "2008-07-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "456120", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.", title: "Vulnerability description", }, { category: "summary", text: "tomcat Unicode directory traversal vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2938", }, { category: "external", summary: "RHBZ#456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2938", url: "https://www.cve.org/CVERecord?id=CVE-2008-2938", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", }, ], release_date: "2008-08-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-10-02T14:03:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0862", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat Unicode directory traversal vulnerability", }, ], }
rhsa-2008_0877
Vulnerability from csaf_redhat
Published
2008-09-22 13:32
Modified
2024-11-22 02:13
Summary
Red Hat Security Advisory: jbossweb security update
Notes
Topic
An updated jbossweb package that fixes various security issues is now
available for JBoss Enterprise Application Platform (JBoss EAP) 4.2 and
4.3.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
JBoss Web Server (jbossweb) is an enterprise ready web server designed for
medium and large applications, is based on Apache Tomcat, and is embedded
into JBoss Application Server. It provides organizations with a single
deployment platform for JavaServer Pages (JSP) and Java Servlet
technologies, Microsoft® .NET, PHP, and CGI.
A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)
An additional traversal vulnerability was discovered when the
"allowLinking" and "URIencoding" settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the jbossweb process. (CVE-2008-2938)
Users of jbossweb should upgrade to this updated package, which contains
backported patches to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An updated jbossweb package that fixes various security issues is now\navailable for JBoss Enterprise Application Platform (JBoss EAP) 4.2 and\n4.3.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", title: "Topic", }, { category: "general", text: "JBoss Web Server (jbossweb) is an enterprise ready web server designed for\nmedium and large applications, is based on Apache Tomcat, and is embedded\ninto JBoss Application Server. It provides organizations with a single\ndeployment platform for JavaServer Pages (JSP) and Java Servlet\ntechnologies, Microsoft® .NET, PHP, and CGI.\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the jbossweb process. (CVE-2008-2938)\n\nUsers of jbossweb should upgrade to this updated package, which contains\nbackported patches to resolve these issues.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2008:0877", url: "https://access.redhat.com/errata/RHSA-2008:0877", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0877.json", }, ], title: "Red Hat Security Advisory: jbossweb security update", tracking: { current_release_date: "2024-11-22T02:13:38+00:00", generator: { date: "2024-11-22T02:13:38+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2008:0877", initial_release_date: "2008-09-22T13:32:00+00:00", revision_history: [ { date: "2008-09-22T13:32:00+00:00", number: "1", summary: "Initial version", }, { date: "2008-09-22T09:32:27+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T02:13:38+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", product: { name: "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", product_id: "4AS-JBEAP", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", product: { name: "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", product_id: "4ES-JBEAP", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", product: { name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", product_id: "4AS-JBEAP-4.3.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", product: { name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", product_id: "4ES-JBEAP-4.3.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", product: { name: "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.2.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", }, }, }, { category: "product_name", name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", product: { name: "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.3.0", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", }, }, }, ], category: "product_family", name: "Red Hat JBoss Enterprise Application Platform", }, { branches: [ { category: "product_version", name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", product: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", product_id: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossweb@2.0.0-5.CP07.0jpp.ep1.1.el4?arch=src", }, }, }, { category: "product_version", name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", product: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", product_id: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", product_identification_helper: { purl: "pkg:rpm/redhat/jbossweb@2.0.0-5.CP07.0jpp.ep1.1.el5?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", product: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", product_id: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossweb@2.0.0-5.CP07.0jpp.ep1.1.el4?arch=noarch", }, }, }, { category: "product_version", name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", product: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", product_id: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", product_identification_helper: { purl: "pkg:rpm/redhat/jbossweb@2.0.0-5.CP07.0jpp.ep1.1.el5?arch=noarch", }, }, }, ], category: "architecture", name: "noarch", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", product_id: "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", relates_to_product_reference: "4AS-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS", product_id: "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", relates_to_product_reference: "4AS-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", product_id: "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", relates_to_product_reference: "4AS-JBEAP", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS", product_id: "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", relates_to_product_reference: "4AS-JBEAP", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", product_id: "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", relates_to_product_reference: "4ES-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES", product_id: "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", relates_to_product_reference: "4ES-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", product_id: "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", relates_to_product_reference: "4ES-JBEAP", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES", product_id: "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", relates_to_product_reference: "4ES-JBEAP", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", relates_to_product_reference: "5Server-JBEAP-4.2.0", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", relates_to_product_reference: "5Server-JBEAP-4.2.0", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", relates_to_product_reference: "5Server-JBEAP-4.3.0", }, { category: "default_component_of", full_product_name: { name: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server", product_id: "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", }, product_reference: "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", relates_to_product_reference: "5Server-JBEAP-4.3.0", }, ], }, vulnerabilities: [ { cve: "CVE-2008-1232", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457597", }, ], notes: [ { category: "description", text: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Cross-Site-Scripting enabled by sendError call", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-1232", }, { category: "external", summary: "RHBZ#457597", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-1232", url: "https://www.cve.org/CVERecord?id=CVE-2008-1232", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-09-22T13:32:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0877", }, ], threats: [ { category: "impact", details: "Low", }, ], title: "tomcat: Cross-Site-Scripting enabled by sendError call", }, { cve: "CVE-2008-2370", discovery_date: "2008-08-01T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "457934", }, ], notes: [ { category: "description", text: "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.", title: "Vulnerability description", }, { category: "summary", text: "tomcat RequestDispatcher information disclosure vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2370", }, { category: "external", summary: "RHBZ#457934", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457934", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2370", url: "https://www.cve.org/CVERecord?id=CVE-2008-2370", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2370", }, ], release_date: "2008-08-01T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-09-22T13:32:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0877", }, ], threats: [ { category: "impact", details: "Important", }, ], title: "tomcat RequestDispatcher information disclosure vulnerability", }, { cve: "CVE-2008-2938", discovery_date: "2008-07-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "456120", }, ], notes: [ { category: "description", text: "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.", title: "Vulnerability description", }, { category: "summary", text: "tomcat Unicode directory traversal vulnerability", title: "Vulnerability summary", }, ], product_status: { fixed: [ "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2008-2938", }, { category: "external", summary: "RHBZ#456120", url: "https://bugzilla.redhat.com/show_bug.cgi?id=456120", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2008-2938", url: "https://www.cve.org/CVERecord?id=CVE-2008-2938", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-2938", }, ], release_date: "2008-08-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2008-09-22T13:32:00+00:00", details: "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", product_ids: [ "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch", "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch", "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2008:0877", }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat Unicode directory traversal vulnerability", }, ], }
ghsa-q74x-qqhr-f8rx
Vulnerability from github
Published
2022-05-01 23:37
Modified
2023-09-22 23:13
Summary
Apache Tomcat Cross-site scripting (XSS) vulnerability
Details
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
{ affected: [ { database_specific: { last_known_affected_version_range: "<= 4.1.37", }, package: { ecosystem: "Maven", name: "org.apache.tomcat:tomcat", }, ranges: [ { events: [ { introduced: "4.1.0", }, { fixed: "4.1.38", }, ], type: "ECOSYSTEM", }, ], }, { database_specific: { last_known_affected_version_range: "<= 5.5.26", }, package: { ecosystem: "Maven", name: "org.apache.tomcat:tomcat", }, ranges: [ { events: [ { introduced: "5.5.0", }, { fixed: "5.5.27", }, ], type: "ECOSYSTEM", }, ], }, { database_specific: { last_known_affected_version_range: "<= 6.0.16", }, package: { ecosystem: "Maven", name: "org.apache.tomcat:tomcat", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.0.17", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2008-1232", ], database_specific: { cwe_ids: [ "CWE-79", ], github_reviewed: true, github_reviewed_at: "2023-09-22T23:13:03Z", nvd_published_at: "2008-08-04T01:41:00Z", severity: "MODERATE", }, details: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", id: "GHSA-q74x-qqhr-f8rx", modified: "2023-09-22T23:13:03Z", published: "2022-05-01T23:37:49Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2008-1232", }, { type: "WEB", url: "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html", }, { type: "WEB", url: "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html", }, { type: "WEB", url: "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html", }, { type: "WEB", url: "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095", }, { type: "WEB", url: "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500", }, { type: "WEB", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985", }, { type: "WEB", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181", }, { type: "WEB", url: "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E", }, { type: "WEB", url: "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E", }, { type: "PACKAGE", url: "https://github.com/apache/tomcat", }, { type: "WEB", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44155", }, { type: "WEB", url: "https://bugzilla.redhat.com/show_bug.cgi?id=457597", }, { type: "WEB", url: "https://access.redhat.com/security/cve/CVE-2008-1232", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2010:0602", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2008:1007", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2008:0877", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2008:0864", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2008:0862", }, { type: "WEB", url: "https://access.redhat.com/errata/RHSA-2008:0648", }, { type: "WEB", url: "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx", }, { type: "WEB", url: "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html", }, { type: "WEB", url: "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", }, { type: "WEB", url: "http://marc.info/?l=bugtraq&m=123376588623823&w=2", }, { type: "WEB", url: "http://marc.info/?l=bugtraq&m=139344343412337&w=2", }, { type: "WEB", url: "http://secunia.com/advisories/31379", }, { type: "WEB", url: "http://secunia.com/advisories/31381", }, { type: "WEB", url: "http://secunia.com/advisories/31639", }, { type: "WEB", url: "http://secunia.com/advisories/31865", }, { type: "WEB", url: "http://secunia.com/advisories/31891", }, { type: "WEB", url: "http://secunia.com/advisories/31982", }, { type: "WEB", url: "http://secunia.com/advisories/32120", }, { type: "WEB", url: "http://secunia.com/advisories/32222", }, { type: "WEB", url: "http://secunia.com/advisories/32266", }, { type: "WEB", url: "http://secunia.com/advisories/33797", }, { type: "WEB", url: "http://secunia.com/advisories/33999", }, { type: "WEB", url: "http://secunia.com/advisories/34013", }, { type: "WEB", url: "http://secunia.com/advisories/35474", }, { type: "WEB", url: "http://secunia.com/advisories/36108", }, { type: "WEB", url: "http://secunia.com/advisories/37460", }, { type: "WEB", url: "http://secunia.com/advisories/57126", }, { type: "WEB", url: "http://securityreason.com/securityalert/4098", }, { type: "WEB", url: "http://support.apple.com/kb/HT3216", }, { type: "WEB", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm", }, { type: "WEB", url: "http://tomcat.apache.org/security-4.html", }, { type: "WEB", url: "http://tomcat.apache.org/security-5.html", }, { type: "WEB", url: "http://tomcat.apache.org/security-6.html", }, { type: "WEB", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188", }, { type: "WEB", url: "http://www.redhat.com/support/errata/RHSA-2008-0648.html", }, { type: "WEB", url: "http://www.redhat.com/support/errata/RHSA-2008-0862.html", }, { type: "WEB", url: "http://www.redhat.com/support/errata/RHSA-2008-0864.html", }, { type: "WEB", url: "http://www.securityfocus.com/archive/1/495021/100/0/threaded", }, { type: "WEB", url: "http://www.securityfocus.com/archive/1/504351/100/0/threaded", }, { type: "WEB", url: "http://www.securityfocus.com/archive/1/505556/100/0/threaded", }, { type: "WEB", url: "http://www.securityfocus.com/archive/1/507985/100/0/threaded", }, { type: "WEB", url: "http://www.securityfocus.com/bid/30496", }, { type: "WEB", url: "http://www.securityfocus.com/bid/31681", }, { type: "WEB", url: "http://www.securitytracker.com/id?1020622", }, { type: "WEB", url: "http://www.vmware.com/security/advisories/VMSA-2009-0002.html", }, { type: "WEB", url: "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", }, { type: "WEB", url: "http://www.vupen.com/english/advisories/2008/2305", }, { type: "WEB", url: "http://www.vupen.com/english/advisories/2008/2780", }, { type: "WEB", url: "http://www.vupen.com/english/advisories/2008/2823", }, { type: "WEB", url: "http://www.vupen.com/english/advisories/2009/0320", }, { type: "WEB", url: "http://www.vupen.com/english/advisories/2009/0503", }, { type: "WEB", url: "http://www.vupen.com/english/advisories/2009/1609", }, { type: "WEB", url: "http://www.vupen.com/english/advisories/2009/2194", }, { type: "WEB", url: "http://www.vupen.com/english/advisories/2009/3316", }, ], schema_version: "1.4.0", severity: [], summary: "Apache Tomcat Cross-site scripting (XSS) vulnerability", }
fkie_cve-2008-1232
Vulnerability from fkie_nvd
Published
2008-08-04 01:41
Modified
2024-11-21 00:44
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", matchCriteriaId: "458FD040-A592-486C-A20B-4EADDEF11548", versionEndIncluding: "4.1.37", versionStartIncluding: "4.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", matchCriteriaId: "23442E8F-FB06-4198-91A3-B98DD56124D4", versionEndIncluding: "5.5.26", versionStartIncluding: "5.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", matchCriteriaId: "AC0B6510-25D7-406A-B6F2-25AB6C3EBB67", versionEndIncluding: "6.0.16", versionStartIncluding: "6.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", }, { lang: "es", value: "Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Apache Tomcat 4.1.0 hasta la 4.1.37, 5.5.0 hasta la 5.5.26 y 6.0.0 hasta la 6.0.16, permite a atacantes remotos inyectar arbitrariamente secuencias de comandos web o HTML a través de una cadena manipulada usada en el argumento message del método HttpServletResponse.sendError.", }, ], id: "CVE-2008-1232", lastModified: "2024-11-21T00:44:00.730", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2008-08-04T01:41:00.000", references: [ { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=123376588623823&w=2", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=123376588623823&w=2", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139344343412337&w=2", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31379", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31381", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31639", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31865", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31891", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31982", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/32120", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/32222", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/32266", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/33797", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/33999", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/34013", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/35474", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/36108", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/37460", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/57126", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://securityreason.com/securityalert/4098", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT3216", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://tomcat.apache.org/security-4.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://tomcat.apache.org/security-5.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://tomcat.apache.org/security-6.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0648.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0862.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0864.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/495021/100/0/threaded", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/504351/100/0/threaded", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/505556/100/0/threaded", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/507985/100/0/threaded", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/30496", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/31681", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1020622", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.vmware.com/security/advisories/VMSA-2009-0002.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", }, { source: "secalert@redhat.com", tags: [ "URL Repurposed", ], url: "http://www.vupen.com/english/advisories/2008/2305", }, { source: "secalert@redhat.com", tags: [ "URL Repurposed", ], url: "http://www.vupen.com/english/advisories/2008/2780", }, { source: "secalert@redhat.com", tags: [ "URL Repurposed", ], url: "http://www.vupen.com/english/advisories/2008/2823", }, { source: "secalert@redhat.com", tags: [ "URL Repurposed", ], url: "http://www.vupen.com/english/advisories/2009/0320", }, { source: "secalert@redhat.com", tags: [ "URL Repurposed", ], url: "http://www.vupen.com/english/advisories/2009/0503", }, { source: "secalert@redhat.com", tags: [ "URL Repurposed", ], url: "http://www.vupen.com/english/advisories/2009/1609", }, { source: "secalert@redhat.com", tags: [ "URL Repurposed", ], url: "http://www.vupen.com/english/advisories/2009/2194", }, { source: "secalert@redhat.com", tags: [ "URL Repurposed", ], url: "http://www.vupen.com/english/advisories/2009/3316", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44155", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E", }, { source: "secalert@redhat.com", url: "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", }, { source: "secalert@redhat.com", tags: [ "Tool Signature", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181", }, { source: "secalert@redhat.com", tags: [ "Tool Signature", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=123376588623823&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=123376588623823&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139344343412337&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31379", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31381", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31639", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31865", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31891", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31982", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/32120", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/32222", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/32266", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/33797", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/33999", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/34013", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/35474", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/36108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/37460", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/57126", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://securityreason.com/securityalert/4098", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT3216", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://tomcat.apache.org/security-4.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://tomcat.apache.org/security-5.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://tomcat.apache.org/security-6.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0648.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0862.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0864.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/495021/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/504351/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/505556/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/507985/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/30496", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/31681", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1020622", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.vmware.com/security/advisories/VMSA-2009-0002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "URL Repurposed", ], url: "http://www.vupen.com/english/advisories/2008/2305", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "URL Repurposed", ], url: "http://www.vupen.com/english/advisories/2008/2780", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "URL Repurposed", ], url: "http://www.vupen.com/english/advisories/2008/2823", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "URL Repurposed", ], url: "http://www.vupen.com/english/advisories/2009/0320", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "URL Repurposed", ], url: "http://www.vupen.com/english/advisories/2009/0503", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "URL Repurposed", ], url: "http://www.vupen.com/english/advisories/2009/1609", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "URL Repurposed", ], url: "http://www.vupen.com/english/advisories/2009/2194", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "URL Repurposed", ], url: "http://www.vupen.com/english/advisories/2009/3316", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44155", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Tool Signature", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Tool Signature", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
gsd-2008-1232
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
Aliases
Aliases
{ GSD: { alias: "CVE-2008-1232", description: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", id: "GSD-2008-1232", references: [ "https://www.suse.com/security/cve/CVE-2008-1232.html", "https://access.redhat.com/errata/RHSA-2010:0602", "https://access.redhat.com/errata/RHSA-2008:1007", "https://access.redhat.com/errata/RHSA-2008:0877", "https://access.redhat.com/errata/RHSA-2008:0864", "https://access.redhat.com/errata/RHSA-2008:0862", "https://access.redhat.com/errata/RHSA-2008:0648", "https://linux.oracle.com/cve/CVE-2008-1232.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2008-1232", ], details: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", id: "GSD-2008-1232", modified: "2023-12-13T01:23:02.882177Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2008-1232", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_affected: "=", version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://secunia.com/advisories/37460", refsource: "MISC", url: "http://secunia.com/advisories/37460", }, { name: "http://tomcat.apache.org/security-4.html", refsource: "MISC", url: "http://tomcat.apache.org/security-4.html", }, { name: "http://tomcat.apache.org/security-5.html", refsource: "MISC", url: "http://tomcat.apache.org/security-5.html", }, { name: "http://tomcat.apache.org/security-6.html", refsource: "MISC", url: "http://tomcat.apache.org/security-6.html", }, { name: "http://www.securityfocus.com/archive/1/507985/100/0/threaded", refsource: "MISC", url: "http://www.securityfocus.com/archive/1/507985/100/0/threaded", }, { name: "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", refsource: "MISC", url: "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", }, { name: "http://www.vupen.com/english/advisories/2009/3316", refsource: "MISC", url: "http://www.vupen.com/english/advisories/2009/3316", }, { name: "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E", }, { name: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", }, { name: "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E", }, { name: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", }, { name: "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E", }, { name: "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E", }, { name: "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", }, { name: "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html", refsource: "MISC", url: "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html", }, { name: "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", refsource: "MISC", url: "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", }, { name: "http://marc.info/?l=bugtraq&m=139344343412337&w=2", refsource: "MISC", url: "http://marc.info/?l=bugtraq&m=139344343412337&w=2", }, { name: "http://secunia.com/advisories/32120", refsource: "MISC", url: "http://secunia.com/advisories/32120", }, { name: "http://secunia.com/advisories/32222", refsource: "MISC", url: "http://secunia.com/advisories/32222", }, { name: "http://secunia.com/advisories/32266", refsource: "MISC", url: "http://secunia.com/advisories/32266", }, { name: "http://secunia.com/advisories/57126", refsource: "MISC", url: "http://secunia.com/advisories/57126", }, { name: "http://support.apple.com/kb/HT3216", refsource: "MISC", url: "http://support.apple.com/kb/HT3216", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm", refsource: "MISC", url: "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm", }, { name: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188", refsource: "MISC", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188", }, { name: "http://www.redhat.com/support/errata/RHSA-2008-0862.html", refsource: "MISC", url: "http://www.redhat.com/support/errata/RHSA-2008-0862.html", }, { name: "http://www.securityfocus.com/bid/31681", refsource: "MISC", url: "http://www.securityfocus.com/bid/31681", }, { name: "http://www.vupen.com/english/advisories/2008/2780", refsource: "MISC", url: "http://www.vupen.com/english/advisories/2008/2780", }, { name: "http://www.vupen.com/english/advisories/2008/2823", refsource: "MISC", url: "http://www.vupen.com/english/advisories/2008/2823", }, { name: "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html", refsource: "MISC", url: "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html", }, { name: "http://secunia.com/advisories/31982", refsource: "MISC", url: "http://secunia.com/advisories/31982", }, { name: "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx", refsource: "MISC", url: "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx", }, { name: "http://marc.info/?l=bugtraq&m=123376588623823&w=2", refsource: "MISC", url: "http://marc.info/?l=bugtraq&m=123376588623823&w=2", }, { name: "http://secunia.com/advisories/31379", refsource: "MISC", url: "http://secunia.com/advisories/31379", }, { name: "http://secunia.com/advisories/31381", refsource: "MISC", url: "http://secunia.com/advisories/31381", }, { name: "http://secunia.com/advisories/31639", refsource: "MISC", url: "http://secunia.com/advisories/31639", }, { name: "http://secunia.com/advisories/31865", refsource: "MISC", url: "http://secunia.com/advisories/31865", }, { name: "http://secunia.com/advisories/31891", refsource: "MISC", url: "http://secunia.com/advisories/31891", }, { name: "http://secunia.com/advisories/33797", refsource: "MISC", url: "http://secunia.com/advisories/33797", }, { name: "http://secunia.com/advisories/33999", refsource: "MISC", url: "http://secunia.com/advisories/33999", }, { name: "http://secunia.com/advisories/34013", refsource: "MISC", url: "http://secunia.com/advisories/34013", }, { name: "http://secunia.com/advisories/35474", refsource: "MISC", url: "http://secunia.com/advisories/35474", }, { name: "http://secunia.com/advisories/36108", refsource: "MISC", url: "http://secunia.com/advisories/36108", }, { name: "http://securityreason.com/securityalert/4098", refsource: "MISC", url: "http://securityreason.com/securityalert/4098", }, { name: "http://www.redhat.com/support/errata/RHSA-2008-0648.html", refsource: "MISC", url: "http://www.redhat.com/support/errata/RHSA-2008-0648.html", }, { name: "http://www.redhat.com/support/errata/RHSA-2008-0864.html", refsource: "MISC", url: "http://www.redhat.com/support/errata/RHSA-2008-0864.html", }, { name: "http://www.securityfocus.com/archive/1/495021/100/0/threaded", refsource: "MISC", url: "http://www.securityfocus.com/archive/1/495021/100/0/threaded", }, { name: "http://www.securityfocus.com/archive/1/504351/100/0/threaded", refsource: "MISC", url: "http://www.securityfocus.com/archive/1/504351/100/0/threaded", }, { name: "http://www.securityfocus.com/archive/1/505556/100/0/threaded", refsource: "MISC", url: "http://www.securityfocus.com/archive/1/505556/100/0/threaded", }, { name: "http://www.securityfocus.com/bid/30496", refsource: "MISC", url: "http://www.securityfocus.com/bid/30496", }, { name: "http://www.securitytracker.com/id?1020622", refsource: "MISC", url: "http://www.securitytracker.com/id?1020622", }, { name: "http://www.vmware.com/security/advisories/VMSA-2009-0002.html", refsource: "MISC", url: "http://www.vmware.com/security/advisories/VMSA-2009-0002.html", }, { name: "http://www.vupen.com/english/advisories/2008/2305", refsource: "MISC", url: "http://www.vupen.com/english/advisories/2008/2305", }, { name: "http://www.vupen.com/english/advisories/2009/0320", refsource: "MISC", url: "http://www.vupen.com/english/advisories/2009/0320", }, { name: "http://www.vupen.com/english/advisories/2009/0503", refsource: "MISC", url: "http://www.vupen.com/english/advisories/2009/0503", }, { name: "http://www.vupen.com/english/advisories/2009/1609", refsource: "MISC", url: "http://www.vupen.com/english/advisories/2009/1609", }, { name: "http://www.vupen.com/english/advisories/2009/2194", refsource: "MISC", url: "http://www.vupen.com/english/advisories/2009/2194", }, { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44155", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44155", }, { name: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181", refsource: "MISC", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181", }, { name: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985", refsource: "MISC", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985", }, { name: "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500", refsource: "MISC", url: "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500", }, { name: "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095", refsource: "MISC", url: "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095", }, { name: "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html", refsource: "MISC", url: "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html", }, { name: "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html", refsource: "MISC", url: "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html", }, { name: "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html", refsource: "MISC", url: "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "6.0.16", versionStartIncluding: "6.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "4.1.37", versionStartIncluding: "4.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "5.5.26", versionStartIncluding: "5.5.0", vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2008-1232", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-79", }, ], }, ], }, references: { reference_data: [ { name: "http://tomcat.apache.org/security-4.html", refsource: "CONFIRM", tags: [ "Vendor Advisory", ], url: "http://tomcat.apache.org/security-4.html", }, { name: "http://tomcat.apache.org/security-5.html", refsource: "CONFIRM", tags: [ "Vendor Advisory", ], url: "http://tomcat.apache.org/security-5.html", }, { name: "http://tomcat.apache.org/security-6.html", refsource: "CONFIRM", tags: [ "Vendor Advisory", ], url: "http://tomcat.apache.org/security-6.html", }, { name: "30496", refsource: "BID", tags: [ "Exploit", "Patch", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/30496", }, { name: "1020622", refsource: "SECTRACK", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1020622", }, { name: "RHSA-2008:0648", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0648.html", }, { name: "31379", refsource: "SECUNIA", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31379", }, { name: "31381", refsource: "SECUNIA", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31381", }, { name: "MDVSA-2008:188", refsource: "MANDRIVA", tags: [ "Third Party Advisory", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188", }, { name: "31639", refsource: "SECUNIA", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31639", }, { name: "FEDORA-2008-8130", refsource: "FEDORA", tags: [ "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html", }, { name: "SUSE-SR:2008:018", refsource: "SUSE", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html", }, { name: "31891", refsource: "SECUNIA", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31891", }, { name: "FEDORA-2008-8113", refsource: "FEDORA", tags: [ "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html", }, { name: "FEDORA-2008-7977", refsource: "FEDORA", tags: [ "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html", }, { name: "31865", refsource: "SECUNIA", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31865", }, { name: "RHSA-2008:0864", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0864.html", }, { name: "RHSA-2008:0862", refsource: "REDHAT", tags: [ "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2008-0862.html", }, { name: "APPLE-SA-2008-10-09", refsource: "APPLE", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html", }, { name: "31681", refsource: "BID", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/31681", }, { name: "32222", refsource: "SECUNIA", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/32222", }, { name: "http://support.apple.com/kb/HT3216", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "http://support.apple.com/kb/HT3216", }, { name: "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm", }, { name: "4098", refsource: "SREASON", tags: [ "Third Party Advisory", ], url: "http://securityreason.com/securityalert/4098", }, { name: "31982", refsource: "SECUNIA", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/31982", }, { name: "HPSBUX02401", refsource: "HP", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=123376588623823&w=2", }, { name: "33797", refsource: "SECUNIA", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/33797", }, { name: "SUSE-SR:2009:004", refsource: "SUSE", tags: [ "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html", }, { name: "32120", refsource: "SECUNIA", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/32120", }, { name: "32266", refsource: "SECUNIA", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/32266", }, { name: "33999", refsource: "SECUNIA", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/33999", }, { name: "http://www.vmware.com/security/advisories/VMSA-2009-0002.html", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "http://www.vmware.com/security/advisories/VMSA-2009-0002.html", }, { name: "ADV-2009-0503", refsource: "VUPEN", tags: [ "URL Repurposed", ], url: "http://www.vupen.com/english/advisories/2009/0503", }, { name: "34013", refsource: "SECUNIA", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/34013", }, { name: "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx", refsource: "CONFIRM", tags: [ "Broken Link", ], url: "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx", }, { name: "35474", refsource: "SECUNIA", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/35474", }, { name: "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500", refsource: "CONFIRM", tags: [ "Broken Link", ], url: "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500", }, { name: "ADV-2009-1609", refsource: "VUPEN", tags: [ "URL Repurposed", ], url: "http://www.vupen.com/english/advisories/2009/1609", }, { name: "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095", refsource: "CONFIRM", tags: [ "Broken Link", ], url: "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095", }, { name: "36108", refsource: "SECUNIA", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/36108", }, { name: "ADV-2009-2194", refsource: "VUPEN", tags: [ "URL Repurposed", ], url: "http://www.vupen.com/english/advisories/2009/2194", }, { name: "37460", refsource: "SECUNIA", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/37460", }, { name: "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", refsource: "CONFIRM", tags: [ "Third Party Advisory", ], url: "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", }, { name: "ADV-2009-3316", refsource: "VUPEN", tags: [ "URL Repurposed", ], url: "http://www.vupen.com/english/advisories/2009/3316", }, { name: "ADV-2008-2780", refsource: "VUPEN", tags: [ "URL Repurposed", ], url: "http://www.vupen.com/english/advisories/2008/2780", }, { name: "ADV-2009-0320", refsource: "VUPEN", tags: [ "URL Repurposed", ], url: "http://www.vupen.com/english/advisories/2009/0320", }, { name: "ADV-2008-2823", refsource: "VUPEN", tags: [ "URL Repurposed", ], url: "http://www.vupen.com/english/advisories/2008/2823", }, { name: "ADV-2008-2305", refsource: "VUPEN", tags: [ "URL Repurposed", ], url: "http://www.vupen.com/english/advisories/2008/2305", }, { name: "HPSBST02955", refsource: "HP", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=139344343412337&w=2", }, { name: "57126", refsource: "SECUNIA", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/57126", }, { name: "tomcat-httpservletresponse-xss(44155)", refsource: "XF", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44155", }, { name: "oval:org.mitre.oval:def:5985", refsource: "OVAL", tags: [ "Tool Signature", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985", }, { name: "oval:org.mitre.oval:def:11181", refsource: "OVAL", tags: [ "Tool Signature", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181", }, { name: "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", refsource: "BUGTRAQ", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/507985/100/0/threaded", }, { name: "20090806 CA20090806-02: Security Notice for Unicenter Asset Portfolio Management, Unicenter Desktop and Server Management, Unicenter Patch Management", refsource: "BUGTRAQ", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/505556/100/0/threaded", }, { name: "20090616 CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability", refsource: "BUGTRAQ", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/504351/100/0/threaded", }, { name: "20080801 [CVE-2008-1232] Apache Tomcat XSS vulnerability", refsource: "BUGTRAQ", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/495021/100/0/threaded", }, { name: "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E", refsource: "MISC", tags: [], url: "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E", }, { name: "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E", refsource: "MISC", tags: [], url: "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E", }, { name: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", refsource: "MISC", tags: [], url: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", }, { name: "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", refsource: "MISC", tags: [], url: "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", }, { name: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", refsource: "MISC", tags: [], url: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", }, { name: "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E", refsource: "MISC", tags: [], url: "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E", }, { name: "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E", refsource: "MISC", tags: [], url: "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: true, }, }, lastModifiedDate: "2023-02-13T02:18Z", publishedDate: "2008-08-04T01:41Z", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.