Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2009-2693
Vulnerability from cvelistv5
Published
2010-01-28 20:00
Modified
2024-08-07 05:59
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:59:56.959Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "HPSBUX02541", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113" }, { "name": "HPSBMA02535", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?rev=892815\u0026view=rev" }, { "name": "39317", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39317" }, { "name": "DSA-2207", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2207" }, { "name": "openSUSE-SU-2012:1700", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html" }, { "name": "HPSBUX02860", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2" }, { "name": "40330", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40330" }, { "name": "MDVSA-2010:177", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:177" }, { "name": "1023505", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023505" }, { "name": "43310", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43310" }, { "name": "tomcat-war-directory-traversal(55855)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55855" }, { "name": "SSRT100029", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2" }, { "name": "ADV-2010-1559", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1559" }, { "name": "APPLE-SA-2010-03-29-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "name": "HPSBOV02762", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2" }, { "name": "37944", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37944" }, { "name": "ADV-2010-1986", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1986" }, { "name": "RHSA-2010:0580", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0580.html" }, { "name": "oval:org.mitre.oval:def:7017", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7017" }, { "name": "40813", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40813" }, { "name": "38541", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38541" }, { "name": "MDVSA-2010:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/security-6.html" }, { "name": "57126", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/57126" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" }, { "name": "20100124 [SECURITY] CVE-2009-2693 Apache Tomcat unexpected file deletion and/or alteration", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/509148/100/0/threaded" }, { "name": "USN-899-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://ubuntu.com/usn/usn-899-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4077" }, { "name": "SUSE-SR:2010:008", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" }, { "name": "openSUSE-SU-2013:0147", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html" }, { "name": "38687", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38687" }, { "name": "38346", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38346" }, { "name": "SSRT100825", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/security-5.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" }, { "name": "RHSA-2010:0119", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0119.html" }, { "name": "RHSA-2010:0582", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0582.html" }, { "name": "oval:org.mitre.oval:def:19355", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19355" }, { "name": "SSRT101146", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2" }, { "name": "38316", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38316" }, { "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" }, { "name": "ADV-2010-0213", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0213" }, { "name": "HPSBST02955", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2" }, { "name": "SSRT100145", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?rev=902650\u0026view=rev" }, { "name": "openSUSE-SU-2012:1701", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-01-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-13T16:09:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "HPSBUX02541", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113" }, { "name": "HPSBMA02535", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?rev=892815\u0026view=rev" }, { "name": "39317", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39317" }, { "name": "DSA-2207", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2207" }, { "name": "openSUSE-SU-2012:1700", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html" }, { "name": "HPSBUX02860", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2" }, { "name": "40330", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40330" }, { "name": "MDVSA-2010:177", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:177" }, { "name": "1023505", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023505" }, { "name": "43310", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43310" }, { "name": "tomcat-war-directory-traversal(55855)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55855" }, { "name": "SSRT100029", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2" }, { "name": "ADV-2010-1559", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1559" }, { "name": "APPLE-SA-2010-03-29-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "name": "HPSBOV02762", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2" }, { "name": "37944", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37944" }, { "name": "ADV-2010-1986", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1986" }, { "name": "RHSA-2010:0580", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0580.html" }, { "name": "oval:org.mitre.oval:def:7017", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7017" }, { "name": "40813", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40813" }, { "name": "38541", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38541" }, { "name": "MDVSA-2010:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/security-6.html" }, { "name": "57126", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/57126" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" }, { "name": "20100124 [SECURITY] CVE-2009-2693 Apache Tomcat unexpected file deletion and/or alteration", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/509148/100/0/threaded" }, { "name": "USN-899-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://ubuntu.com/usn/usn-899-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4077" }, { "name": "SUSE-SR:2010:008", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" }, { "name": "openSUSE-SU-2013:0147", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html" }, { "name": "38687", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38687" }, { "name": "38346", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38346" }, { "name": "SSRT100825", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/security-5.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" }, { "name": "RHSA-2010:0119", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0119.html" }, { "name": "RHSA-2010:0582", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0582.html" }, { "name": "oval:org.mitre.oval:def:19355", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19355" }, { "name": "SSRT101146", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2" }, { "name": "38316", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38316" }, { "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" }, { "name": "ADV-2010-0213", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0213" }, { "name": "HPSBST02955", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2" }, { "name": "SSRT100145", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?rev=902650\u0026view=rev" }, { "name": "openSUSE-SU-2012:1701", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2693", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "HPSBUX02541", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113" }, { "name": "HPSBMA02535", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2" }, { "name": "http://svn.apache.org/viewvc?rev=892815\u0026view=rev", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?rev=892815\u0026view=rev" }, { "name": "39317", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39317" }, { "name": "DSA-2207", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2207" }, { "name": "openSUSE-SU-2012:1700", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html" }, { "name": "HPSBUX02860", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2" }, { "name": "40330", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40330" }, { "name": "MDVSA-2010:177", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:177" }, { "name": "1023505", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023505" }, { "name": "43310", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43310" }, { "name": "tomcat-war-directory-traversal(55855)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55855" }, { "name": "SSRT100029", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2" }, { "name": "ADV-2010-1559", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1559" }, { "name": "APPLE-SA-2010-03-29-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "name": "HPSBOV02762", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2" }, { "name": "37944", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37944" }, { "name": "ADV-2010-1986", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1986" }, { "name": "RHSA-2010:0580", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0580.html" }, { "name": "oval:org.mitre.oval:def:7017", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7017" }, { "name": "40813", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40813" }, { "name": "38541", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38541" }, { "name": "MDVSA-2010:176", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176" }, { "name": "http://tomcat.apache.org/security-6.html", "refsource": "CONFIRM", "url": "http://tomcat.apache.org/security-6.html" }, { "name": "57126", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57126" }, { "name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" }, { "name": "20100124 [SECURITY] CVE-2009-2693 Apache Tomcat unexpected file deletion and/or alteration", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/509148/100/0/threaded" }, { "name": "USN-899-1", "refsource": "UBUNTU", "url": "http://ubuntu.com/usn/usn-899-1" }, { "name": "http://support.apple.com/kb/HT4077", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4077" }, { "name": "SUSE-SR:2010:008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" }, { "name": "openSUSE-SU-2013:0147", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html" }, { "name": "38687", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38687" }, { "name": "38346", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38346" }, { "name": "SSRT100825", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2" }, { "name": "http://tomcat.apache.org/security-5.html", "refsource": "CONFIRM", "url": "http://tomcat.apache.org/security-5.html" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" }, { "name": "RHSA-2010:0119", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0119.html" }, { "name": "RHSA-2010:0582", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0582.html" }, { "name": "oval:org.mitre.oval:def:19355", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19355" }, { "name": "SSRT101146", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2" }, { "name": "38316", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38316" }, { "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" }, { "name": "ADV-2010-0213", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0213" }, { "name": "HPSBST02955", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2" }, { "name": "SSRT100145", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113" }, { "name": "http://svn.apache.org/viewvc?rev=902650\u0026view=rev", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?rev=902650\u0026view=rev" }, { "name": "openSUSE-SU-2012:1701", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2693", "datePublished": "2010-01-28T20:00:00", "dateReserved": "2009-08-05T00:00:00", "dateUpdated": "2024-08-07T05:59:56.959Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2009-2693\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-01-28T20:30:01.167\",\"lastModified\":\"2024-11-21T01:05:31.627\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de salto de directorio en Apache Tomcat v5.5.0 a la v5.5.28 y v6.0.0 a la v6.0.20, permite a atacantes remotos crear, sobrescribir archivos de su elecci\u00f3n a trav\u00e9s de .. (punto punto) en una entrada en un archivo WAR, como se demostr\u00f3 con la entrada ../../bin/catalina.bat.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:P\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB203AEC-2A94-48CA-A0E0-B5A8EBF028B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E98B82A-22E5-4E6C-90AE-56F5780EA147\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34672E90-C220-436B-9143-480941227933\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92883AFA-A02F-41A5-9977-ABEAC8AD2970\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"989A78F8-EE92-465F-8A8D-ECF0B58AFE7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F5B6627-B4A4-4E2D-B96C-CA37CCC8C804\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACFB09F3-32D1-479C-8C39-D7329D9A6623\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D56581E2-9ECD-426A-96D8-A9D958900AD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"717F6995-5AF0-484C-90C0-A82F25FD2E32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B0C01D5-773F-469C-9E69-170C2844AAA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB03FDFB-4DBF-4B70-BFA3-570D1DE67695\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F5CF79C-759B-4FF9-90EE-847264059E93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"357651FD-392E-4775-BF20-37A23B3ABAE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"585B9476-6B86-4809-9B9E-26112114CB59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6145036D-4FCE-4EBE-A137-BDFA69BA54F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E437055A-0A81-413F-AB08-0E9D0DC9EA30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9276A093-9C98-4617-9941-2276995F5848\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97C9C36C-EF7E-4D42-9749-E2FF6CE35A2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C98575E2-E39A-4A8F-B5B5-BD280B8367BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BDA08E7-A417-44E8-9C89-EB22BEEC3B9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCD1B6BE-CF07-4DA8-A703-4A48506C8AD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5878E08E-2741-4798-94E9-BA8E07386B12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69F6BAB7-C099-4345-A632-7287AEA555B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3AAF031-D16B-4D51-9581-2D1376A5157B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51120689-F5C0-4DF1-91AA-314C40A46C58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F67477AB-85F6-421C-9C0B-C8EFB1B200CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16D0C265-2ED9-42CF-A7D6-C7FAE4246A1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D70CFD9-B55D-4A29-B94C-D33F3E881A8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1195878-CCC9-49BC-9AC7-1F88F0DFAB82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D11D6FB7-CBDB-48C1-98CB-1B3CAA36C5D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49E3C039-A949-4F1B-892A-57147EECB249\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F28C7801-41B9-4552-BA1E-577967BCBBEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25B21085-7259-4685-9D1F-FF98E6489E10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"635EE321-2A1F-4FF8-95BE-0C26591969D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A81B035-8598-4D2C-B45F-C6C9D4B10C2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1096947-82A6-4EA8-A4F2-00D91E3F7DAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EBFA1D3-16A6-4041-BB30-51D2EE0F2AF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B70B372F-EFFD-4AF7-99B5-7D1B23A0C54C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C95ADA4-66F5-45C4-A677-ACE22367A75A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11951A10-39A2-4FF5-8C43-DF94730FB794\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"351E5BCF-A56B-4D91-BA3C-21A4B77D529A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DC2BBB4-171E-4EFF-A575-A5B7FF031755\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B6B0504-27C1-4824-A928-A878CBBAB32D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE81AD36-ACD1-4C6C-8E7C-5326D1DA3045\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D903956B-14F5-4177-AF12-0A5F1846D3C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81F847DC-A2F5-456C-9038-16A0E85F4C3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF3EBD00-1E1E-452D-AFFB-08A6BD111DDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6B93A3A-D487-4CA1-8257-26F8FE287B8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD8802B2-57E0-4AA6-BC8E-00DE60468569\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8461DF95-18DC-4BF5-A703-7F19DA88DC30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F4C9BCF-9C73-4991-B02F-E08C5DA06EBA\"}]}]}],\"references\":[{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/38316\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/38346\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/38541\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/38687\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/39317\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/40330\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/40813\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/43310\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/57126\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1023505\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.apple.com/kb/HT4077\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://svn.apache.org/viewvc?rev=892815\u0026view=rev\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://svn.apache.org/viewvc?rev=902650\u0026view=rev\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://tomcat.apache.org/security-5.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-6.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://ubuntu.com/usn/usn-899-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2011/dsa-2207\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:176\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:177\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0119.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0580.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0582.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/509148/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/516397/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/37944\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2011-0003.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0213\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1559\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1986\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/55855\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19355\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7017\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38316\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/38346\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/38541\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38687\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/39317\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/40330\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/40813\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/43310\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/57126\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1023505\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT4077\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://svn.apache.org/viewvc?rev=892815\u0026view=rev\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://svn.apache.org/viewvc?rev=902650\u0026view=rev\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tomcat.apache.org/security-5.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-6.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://ubuntu.com/usn/usn-899-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2011/dsa-2207\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:176\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:177\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0119.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0580.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0582.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/509148/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/516397/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/37944\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2011-0003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0213\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1559\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1986\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/55855\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19355\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7017\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2693\\n\\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/\\n\\nThis issue has been addressed in JBoss Enterprise Web Server 1.0.1: https://rhn.redhat.com/errata/RHSA-2010-0119.html\",\"lastModified\":\"2010-03-02T00:00:00\"}]}}" } }
gsd-2009-2693
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2009-2693", "description": "Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.", "id": "GSD-2009-2693", "references": [ "https://www.suse.com/security/cve/CVE-2009-2693.html", "https://www.debian.org/security/2011/dsa-2207", "https://access.redhat.com/errata/RHSA-2010:0693", "https://access.redhat.com/errata/RHSA-2010:0582", "https://access.redhat.com/errata/RHSA-2010:0580", "https://access.redhat.com/errata/RHSA-2010:0119", "https://linux.oracle.com/cve/CVE-2009-2693.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2009-2693" ], "details": "Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.", "id": "GSD-2009-2693", "modified": "2023-12-13T01:19:46.292580Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2693", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "HPSBUX02541", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113" }, { "name": "HPSBMA02535", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2" }, { "name": "http://svn.apache.org/viewvc?rev=892815\u0026view=rev", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?rev=892815\u0026view=rev" }, { "name": "39317", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39317" }, { "name": "DSA-2207", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2207" }, { "name": "openSUSE-SU-2012:1700", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html" }, { "name": "HPSBUX02860", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2" }, { "name": "40330", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40330" }, { "name": "MDVSA-2010:177", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:177" }, { "name": "1023505", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023505" }, { "name": "43310", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43310" }, { "name": "tomcat-war-directory-traversal(55855)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55855" }, { "name": "SSRT100029", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2" }, { "name": "ADV-2010-1559", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1559" }, { "name": "APPLE-SA-2010-03-29-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "name": "HPSBOV02762", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2" }, { "name": "37944", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37944" }, { "name": "ADV-2010-1986", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1986" }, { "name": "RHSA-2010:0580", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0580.html" }, { "name": "oval:org.mitre.oval:def:7017", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7017" }, { "name": "40813", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40813" }, { "name": "38541", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38541" }, { "name": "MDVSA-2010:176", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176" }, { "name": "http://tomcat.apache.org/security-6.html", "refsource": "CONFIRM", "url": "http://tomcat.apache.org/security-6.html" }, { "name": "57126", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57126" }, { "name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" }, { "name": "20100124 [SECURITY] CVE-2009-2693 Apache Tomcat unexpected file deletion and/or alteration", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/509148/100/0/threaded" }, { "name": "USN-899-1", "refsource": "UBUNTU", "url": "http://ubuntu.com/usn/usn-899-1" }, { "name": "http://support.apple.com/kb/HT4077", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4077" }, { "name": "SUSE-SR:2010:008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" }, { "name": "openSUSE-SU-2013:0147", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html" }, { "name": "38687", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38687" }, { "name": "38346", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38346" }, { "name": "SSRT100825", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2" }, { "name": "http://tomcat.apache.org/security-5.html", "refsource": "CONFIRM", "url": "http://tomcat.apache.org/security-5.html" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" }, { "name": "RHSA-2010:0119", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0119.html" }, { "name": "RHSA-2010:0582", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0582.html" }, { "name": "oval:org.mitre.oval:def:19355", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19355" }, { "name": "SSRT101146", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2" }, { "name": "38316", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38316" }, { "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" }, { "name": "ADV-2010-0213", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0213" }, { "name": "HPSBST02955", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2" }, { "name": "SSRT100145", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113" }, { "name": "http://svn.apache.org/viewvc?rev=902650\u0026view=rev", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?rev=902650\u0026view=rev" }, { "name": "openSUSE-SU-2012:1701", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2693" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-22" } ] } ] }, "references": { "reference_data": [ { "name": "http://svn.apache.org/viewvc?rev=892815\u0026view=rev", "refsource": "CONFIRM", "tags": [ "Patch" ], "url": "http://svn.apache.org/viewvc?rev=892815\u0026view=rev" }, { "name": "1023505", "refsource": "SECTRACK", "tags": [], "url": "http://securitytracker.com/id?1023505" }, { "name": "ADV-2010-0213", "refsource": "VUPEN", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0213" }, { "name": "http://svn.apache.org/viewvc?rev=902650\u0026view=rev", "refsource": "CONFIRM", "tags": [], "url": "http://svn.apache.org/viewvc?rev=902650\u0026view=rev" }, { "name": "38316", "refsource": "SECUNIA", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38316" }, { "name": "38346", "refsource": "SECUNIA", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38346" }, { "name": "http://tomcat.apache.org/security-6.html", "refsource": "CONFIRM", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://tomcat.apache.org/security-6.html" }, { "name": "http://tomcat.apache.org/security-5.html", "refsource": "CONFIRM", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://tomcat.apache.org/security-5.html" }, { "name": "37944", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/37944" }, { "name": "38541", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/38541" }, { "name": "USN-899-1", "refsource": "UBUNTU", "tags": [], "url": "http://ubuntu.com/usn/usn-899-1" }, { "name": "38687", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/38687" }, { "name": "RHSA-2010:0119", "refsource": "REDHAT", "tags": [], "url": "http://www.redhat.com/support/errata/RHSA-2010-0119.html" }, { "name": "http://support.apple.com/kb/HT4077", "refsource": "CONFIRM", "tags": [], "url": "http://support.apple.com/kb/HT4077" }, { "name": "APPLE-SA-2010-03-29-1", "refsource": "APPLE", "tags": [], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "name": "SUSE-SR:2010:008", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" }, { "name": "39317", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/39317" }, { "name": "40330", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/40330" }, { "name": "ADV-2010-1559", "refsource": "VUPEN", "tags": [], "url": "http://www.vupen.com/english/advisories/2010/1559" }, { "name": "HPSBUX02541", "refsource": "HP", "tags": [], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113" }, { "name": "40813", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/40813" }, { "name": "RHSA-2010:0580", "refsource": "REDHAT", "tags": [], "url": "http://www.redhat.com/support/errata/RHSA-2010-0580.html" }, { "name": "ADV-2010-1986", "refsource": "VUPEN", "tags": [], "url": "http://www.vupen.com/english/advisories/2010/1986" }, { "name": "RHSA-2010:0582", "refsource": "REDHAT", "tags": [], "url": "http://www.redhat.com/support/errata/RHSA-2010-0582.html" }, { "name": "MDVSA-2010:176", "refsource": "MANDRIVA", "tags": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176" }, { "name": "MDVSA-2010:177", "refsource": "MANDRIVA", "tags": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:177" }, { "name": "43310", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/43310" }, { "name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" }, { "name": "DSA-2207", "refsource": "DEBIAN", "tags": [], "url": "http://www.debian.org/security/2011/dsa-2207" }, { "name": "openSUSE-SU-2012:1700", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html" }, { "name": "openSUSE-SU-2012:1701", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html" }, { "name": "openSUSE-SU-2013:0147", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html" }, { "name": "HPSBUX02860", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2" }, { "name": "HPSBST02955", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2" }, { "name": "57126", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/57126" }, { "name": "HPSBOV02762", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2" }, { "name": "HPSBMA02535", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2" }, { "name": "tomcat-war-directory-traversal(55855)", "refsource": "XF", "tags": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55855" }, { "name": "oval:org.mitre.oval:def:7017", "refsource": "OVAL", "tags": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7017" }, { "name": "oval:org.mitre.oval:def:19355", "refsource": "OVAL", "tags": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19355" }, { "name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "refsource": "BUGTRAQ", "tags": [], "url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded" }, { "name": "20100124 [SECURITY] CVE-2009-2693 Apache Tomcat unexpected file deletion and/or alteration", "refsource": "BUGTRAQ", "tags": [], "url": "http://www.securityfocus.com/archive/1/509148/100/0/threaded" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false } }, "lastModifiedDate": "2019-03-25T11:30Z", "publishedDate": "2010-01-28T20:30Z" } } }
rhsa-2010_0582
Vulnerability from csaf_redhat
Published
2010-08-02 20:17
Modified
2024-11-22 03:34
Summary
Red Hat Security Advisory: tomcat5 security update
Notes
Topic
Updated tomcat5 packages that fix three security issues are now available
for Red Hat Application Server v2.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
A flaw was found in the way Tomcat handled the Transfer-Encoding header in
HTTP requests. A specially-crafted HTTP request could prevent Tomcat from
sending replies, or cause Tomcat to return truncated replies, or replies
containing data related to the requests of other users, for all subsequent
HTTP requests. (CVE-2010-2227)
Two directory traversal flaws were found in the Tomcat deployment process.
A specially-crafted WAR file could, when deployed, cause a file to be
created outside of the web root into any directory writable by the Tomcat
user, or could lead to the deletion of files in the Tomcat host's work
directory. (CVE-2009-2693, CVE-2009-2902)
Users of Tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues. Tomcat must be restarted for
this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated tomcat5 packages that fix three security issues are now available\nfor Red Hat Application Server v2.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding header in\nHTTP requests. A specially-crafted HTTP request could prevent Tomcat from\nsending replies, or cause Tomcat to return truncated replies, or replies\ncontaining data related to the requests of other users, for all subsequent\nHTTP requests. (CVE-2010-2227)\n\nTwo directory traversal flaws were found in the Tomcat deployment process.\nA specially-crafted WAR file could, when deployed, cause a file to be\ncreated outside of the web root into any directory writable by the Tomcat\nuser, or could lead to the deletion of files in the Tomcat host\u0027s work\ndirectory. (CVE-2009-2693, CVE-2009-2902)\n\nUsers of Tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues. Tomcat must be restarted for\nthis update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2010:0582", "url": "https://access.redhat.com/errata/RHSA-2010:0582" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "http://tomcat.apache.org/security-5.html", "url": "http://tomcat.apache.org/security-5.html" }, { "category": "external", "summary": "559738", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=559738" }, { "category": "external", "summary": "559761", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=559761" }, { "category": "external", "summary": "612799", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=612799" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0582.json" } ], "title": "Red Hat Security Advisory: tomcat5 security update", "tracking": { "current_release_date": "2024-11-22T03:34:28+00:00", "generator": { "date": "2024-11-22T03:34:28+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2010:0582", "initial_release_date": "2010-08-02T20:17:00+00:00", "revision_history": [ { "date": "2010-08-02T20:17:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2010-08-02T16:17:44+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T03:34:28+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Application Server v2 4AS", "product": { "name": "Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_application_server:2" } } }, { "category": "product_name", "name": "Red Hat Application Server v2 4ES", "product": { "name": "Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_application_server:2" } } }, { "category": "product_name", "name": "Red Hat Application Server v2 4WS", "product": { "name": "Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_application_server:2" } } } ], "category": "product_family", "name": "Red Hat Application Server" }, { "branches": [ { "category": "product_version", "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "product": { "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "product_id": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_4rh.17?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "product": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp_4rh.17?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch", "product": { "name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch", "product_id": "tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp_4rh.17?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "product": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp_4rh.17?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "product": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_4rh.17?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "product": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_4rh.17?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "product": { "name": "tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "product_id": "tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.17?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "product": { "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "product_id": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_4rh.17?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "product": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp_4rh.17?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "product": { "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "product_id": "tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_4rh.17?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "product": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp_4rh.17?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp_4rh.17.src", "product": { "name": "tomcat5-0:5.5.23-0jpp_4rh.17.src", "product_id": "tomcat5-0:5.5.23-0jpp_4rh.17.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.17?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.17.src as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.17.src", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4AS", "product_id": "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4AS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.17.src as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.17.src", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4ES", "product_id": "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4ES-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.17.src as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.17.src", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4WS-RHAPS2" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch as a component of Red Hat Application Server v2 4WS", "product_id": "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch" }, "product_reference": "tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch", "relates_to_product_reference": "4WS-RHAPS2" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-2693", "discovery_date": "2010-01-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "559738" } ], "notes": [ { "category": "description", "text": "Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: unexpected file deletion and/or alteration", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2693" }, { "category": "external", "summary": "RHBZ#559738", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=559738" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2693", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2693" } ], "release_date": "2010-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-02T20:17:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0582" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: unexpected file deletion and/or alteration" }, { "cve": "CVE-2009-2902", "discovery_date": "2010-01-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "559761" } ], "notes": [ { "category": "description", "text": "Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: unexpected file deletion in work directory", "title": "Vulnerability summary" }, { "category": "other", "text": "The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2902" }, { "category": "external", "summary": "RHBZ#559761", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=559761" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2902", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2902" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2902", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2902" } ], "release_date": "2010-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-02T20:17:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0582" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: unexpected file deletion in work directory" }, { "cve": "CVE-2010-2227", "discovery_date": "2010-07-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "612799" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with \"recycling of a buffer.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: information leak vulnerability in the handling of \u0027Transfer-Encoding\u0027 header", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-2227" }, { "category": "external", "summary": "RHBZ#612799", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=612799" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-2227", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2227" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2227", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2227" } ], "release_date": "2010-07-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-08-02T20:17:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0582" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, "products": [ "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src", "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src", "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.17.src", "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.17.noarch", "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.17.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat: information leak vulnerability in the handling of \u0027Transfer-Encoding\u0027 header" } ] }
rhsa-2010_0693
Vulnerability from csaf_redhat
Published
2010-09-10 08:34
Modified
2024-11-22 03:34
Summary
Red Hat Security Advisory: tomcat5 security update
Notes
Topic
Updated tomcat5 packages that fix three security issues are now available
for Red Hat Certificate System 7.3.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
A flaw was found in the way Tomcat handled the Transfer-Encoding header in
HTTP requests. A specially-crafted HTTP request could prevent Tomcat from
sending replies, or cause Tomcat to return truncated replies, or replies
containing data related to the requests of other users, for all subsequent
HTTP requests. (CVE-2010-2227)
This erratum fixes two additional security flaws in Tomcat. In a typical
operating environment, Tomcat is not exposed to users of Red Hat
Certificate System in a vulnerable manner. These fixes will reduce risk in
unique Certificate System environments. (CVE-2009-2693, CVE-2009-2902)
Users of Red Hat Certificate System 7.3 should upgrade to these updated
tomcat5 packages, which contain backported patches to correct these issues.
After installing the updated packages, the Red Hat Certificate System CA
(rhpki-ca), DRM (rhpki-kra), OCSP (rhpki-ocsp), and TKS (rhpki-tks)
subsystems must be restarted ("/etc/init.d/[instance-name] restart") for
this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated tomcat5 packages that fix three security issues are now available\nfor Red Hat Certificate System 7.3.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA flaw was found in the way Tomcat handled the Transfer-Encoding header in\nHTTP requests. A specially-crafted HTTP request could prevent Tomcat from\nsending replies, or cause Tomcat to return truncated replies, or replies\ncontaining data related to the requests of other users, for all subsequent\nHTTP requests. (CVE-2010-2227)\n\nThis erratum fixes two additional security flaws in Tomcat. In a typical\noperating environment, Tomcat is not exposed to users of Red Hat\nCertificate System in a vulnerable manner. These fixes will reduce risk in\nunique Certificate System environments. (CVE-2009-2693, CVE-2009-2902)\n\nUsers of Red Hat Certificate System 7.3 should upgrade to these updated\ntomcat5 packages, which contain backported patches to correct these issues.\nAfter installing the updated packages, the Red Hat Certificate System CA\n(rhpki-ca), DRM (rhpki-kra), OCSP (rhpki-ocsp), and TKS (rhpki-tks)\nsubsystems must be restarted (\"/etc/init.d/[instance-name] restart\") for\nthis update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2010:0693", "url": "https://access.redhat.com/errata/RHSA-2010:0693" }, { "category": "external", "summary": "http://www.redhat.com/security/updates/classification/#important", "url": "http://www.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "http://tomcat.apache.org/security-5.html", "url": "http://tomcat.apache.org/security-5.html" }, { "category": "external", "summary": "559738", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=559738" }, { "category": "external", "summary": "559761", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=559761" }, { "category": "external", "summary": "612799", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=612799" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0693.json" } ], "title": "Red Hat Security Advisory: tomcat5 security update", "tracking": { "current_release_date": "2024-11-22T03:34:39+00:00", "generator": { "date": "2024-11-22T03:34:39+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2010:0693", "initial_release_date": "2010-09-10T08:34:00+00:00", "revision_history": [ { "date": "2010-09-10T08:34:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2010-09-10T04:37:13+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T03:34:39+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Certificate System 7.3 for 4AS", "product": { "name": "Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:certificate_system:7.3" } } }, { "category": "product_name", "name": "Red Hat Certificate System 7.3 for 4ES", "product": { "name": "Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:certificate_system:7.3" } } } ], "category": "product_family", "name": "Red Hat Certificate System" }, { "branches": [ { "category": "product_version", "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.19.noarch", "product": { "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.19.noarch", "product_id": "tomcat5-jasper-0:5.5.23-0jpp_4rh.19.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_4rh.19?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.19.noarch", "product": { "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.19.noarch", "product_id": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.19.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_4rh.19?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.19.noarch", "product": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.19.noarch", "product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.19.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_4rh.19?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.19.noarch", "product": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.19.noarch", "product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.19.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_4rh.19?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp_4rh.19.noarch", "product": { "name": "tomcat5-0:5.5.23-0jpp_4rh.19.noarch", "product_id": "tomcat5-0:5.5.23-0jpp_4rh.19.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.19?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.19.noarch", "product": { "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.19.noarch", "product_id": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.19.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_4rh.19?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "tomcat5-0:5.5.23-0jpp_4rh.19.src", "product": { "name": "tomcat5-0:5.5.23-0jpp_4rh.19.src", "product_id": "tomcat5-0:5.5.23-0jpp_4rh.19.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.19?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.19.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.noarch" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.19.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.19.src as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.src" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.19.src", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.19.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.19.noarch" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.19.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.19.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.19.noarch" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.19.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.19.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.19.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.19.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.19.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.19.noarch" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.19.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.19.noarch as a component of Red Hat Certificate System 7.3 for 4AS", "product_id": "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.19.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.19.noarch", "relates_to_product_reference": "4AS-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.19.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.noarch" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.19.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.23-0jpp_4rh.19.src as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.src" }, "product_reference": "tomcat5-0:5.5.23-0jpp_4rh.19.src", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.19.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.19.noarch" }, "product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.19.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.19.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.19.noarch" }, "product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.19.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.19.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.19.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.19.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.19.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.19.noarch" }, "product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.19.noarch", "relates_to_product_reference": "4ES-CERT-7.3" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.19.noarch as a component of Red Hat Certificate System 7.3 for 4ES", "product_id": "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.19.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.19.noarch", "relates_to_product_reference": "4ES-CERT-7.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-2693", "discovery_date": "2010-01-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "559738" } ], "notes": [ { "category": "description", "text": "Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: unexpected file deletion and/or alteration", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.19.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2693" }, { "category": "external", "summary": "RHBZ#559738", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=559738" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2693", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2693" } ], "release_date": "2010-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-09-10T08:34:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.19.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0693" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.19.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: unexpected file deletion and/or alteration" }, { "cve": "CVE-2009-2902", "discovery_date": "2010-01-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "559761" } ], "notes": [ { "category": "description", "text": "Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: unexpected file deletion in work directory", "title": "Vulnerability summary" }, { "category": "other", "text": "The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.19.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2902" }, { "category": "external", "summary": "RHBZ#559761", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=559761" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2902", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2902" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2902", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2902" } ], "release_date": "2010-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-09-10T08:34:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.19.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0693" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.19.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: unexpected file deletion in work directory" }, { "cve": "CVE-2010-2227", "discovery_date": "2010-07-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "612799" } ], "notes": [ { "category": "description", "text": "Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with \"recycling of a buffer.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: information leak vulnerability in the handling of \u0027Transfer-Encoding\u0027 header", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.19.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-2227" }, { "category": "external", "summary": "RHBZ#612799", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=612799" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-2227", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2227" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2227", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2227" } ], "release_date": "2010-07-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-09-10T08:34:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.19.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0693" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, "products": [ "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.src", "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.19.noarch", "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.19.src", "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.19.noarch", "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.19.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "tomcat: information leak vulnerability in the handling of \u0027Transfer-Encoding\u0027 header" } ] }
rhsa-2010_0119
Vulnerability from csaf_redhat
Published
2010-02-23 20:20
Modified
2024-11-22 03:34
Summary
Red Hat Security Advisory: JBoss Enterprise Web Server 1.0.1 update
Notes
Topic
JBoss Enterprise Web Server 1.0.1 is now available for Red Hat Enterprise
Linux 4 and 5.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Details
JBoss Enterprise Web Server is a fully integrated and certified set
of components for hosting Java web applications. It is comprised of the
industry's leading web server (Apache HTTP Server), the popular Apache
Tomcat servlet container, as well as the mod_jk connector and the Tomcat
Native library.
This 1.0.1 release of JBoss Enterprise Web Server serves as a replacement
to JBoss Enterprise Web Server 1.0.0 GA. These updated packages include
a number of bug fixes. For detailed component, installation, and bug fix
information, refer to the JBoss Enterprise Web Server 1.0.1 Release Notes,
available shortly from the link in the References section of this erratum.
The following security issues are also fixed with this release:
A directory traversal flaw was found in the Tomcat deployment process. An
attacker could create a specially-crafted WAR file, which once deployed
by a local, unsuspecting user, would lead to attacker-controlled content
being deployed outside of the web root, into directories accessible to the
Tomcat process. (CVE-2009-2693)
A second directory traversal flaw was found in the Tomcat deployment
process. WAR file names were not sanitized, which could allow an attacker
to create a specially-crafted WAR file that could delete files in the
Tomcat host's work directory. (CVE-2009-2902)
A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handle session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. (CVE-2009-3555)
This update provides a mitigation for this flaw in the following
components:
tomcat5 and tomcat6: A new attribute, allowUnsafeLegacyRenegotiation, is
available for the blocking IO (BIO) connector using JSSE, to enable or
disable TLS session renegotiation. The default value is "false", meaning
session renegotiation, both client- and server-initiated, is disabled by
default.
tomcat-native: Client-initiated renegotiation is now rejected by the native
connector. Server-initiated renegotiation is still allowed.
Refer to the following Knowledgebase article for additional details about
the CVE-2009-3555 flaw: http://kbase.redhat.com/faq/docs/DOC-20491
All users of JBoss Enterprise Web Server 1.0.0 on Red Hat Enterprise Linux
4 and 5 are advised to upgrade to these updated packages.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "JBoss Enterprise Web Server 1.0.1 is now available for Red Hat Enterprise\nLinux 4 and 5.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.", "title": "Topic" }, { "category": "general", "text": "JBoss Enterprise Web Server is a fully integrated and certified set\nof components for hosting Java web applications. It is comprised of the\nindustry\u0027s leading web server (Apache HTTP Server), the popular Apache\nTomcat servlet container, as well as the mod_jk connector and the Tomcat\nNative library.\n\nThis 1.0.1 release of JBoss Enterprise Web Server serves as a replacement\nto JBoss Enterprise Web Server 1.0.0 GA. These updated packages include\na number of bug fixes. For detailed component, installation, and bug fix\ninformation, refer to the JBoss Enterprise Web Server 1.0.1 Release Notes,\navailable shortly from the link in the References section of this erratum.\n\nThe following security issues are also fixed with this release:\n\nA directory traversal flaw was found in the Tomcat deployment process. An\nattacker could create a specially-crafted WAR file, which once deployed\nby a local, unsuspecting user, would lead to attacker-controlled content\nbeing deployed outside of the web root, into directories accessible to the\nTomcat process. (CVE-2009-2693)\n\nA second directory traversal flaw was found in the Tomcat deployment\nprocess. WAR file names were not sanitized, which could allow an attacker\nto create a specially-crafted WAR file that could delete files in the\nTomcat host\u0027s work directory. (CVE-2009-2902)\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handle session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client\u0027s\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker\u0027s request as if authenticated using the\nvictim\u0027s credentials. (CVE-2009-3555)\n\nThis update provides a mitigation for this flaw in the following\ncomponents:\n\ntomcat5 and tomcat6: A new attribute, allowUnsafeLegacyRenegotiation, is\navailable for the blocking IO (BIO) connector using JSSE, to enable or\ndisable TLS session renegotiation. The default value is \"false\", meaning\nsession renegotiation, both client- and server-initiated, is disabled by\ndefault.\n\ntomcat-native: Client-initiated renegotiation is now rejected by the native\nconnector. Server-initiated renegotiation is still allowed.\n\nRefer to the following Knowledgebase article for additional details about\nthe CVE-2009-3555 flaw: http://kbase.redhat.com/faq/docs/DOC-20491\n\nAll users of JBoss Enterprise Web Server 1.0.0 on Red Hat Enterprise Linux\n4 and 5 are advised to upgrade to these updated packages.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2010:0119", "url": "https://access.redhat.com/errata/RHSA-2010:0119" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "http://kbase.redhat.com/faq/docs/DOC-20491", "url": "http://kbase.redhat.com/faq/docs/DOC-20491" }, { "category": "external", "summary": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Web_Server/1.0.1/html-single/Release_Notes/index.html", "url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Web_Server/1.0.1/html-single/Release_Notes/index.html" }, { "category": "external", "summary": "533125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125" }, { "category": "external", "summary": "558872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=558872" }, { "category": "external", "summary": "558873", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=558873" }, { "category": "external", "summary": "559738", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=559738" }, { "category": "external", "summary": "559761", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=559761" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0119.json" } ], "title": "Red Hat Security Advisory: JBoss Enterprise Web Server 1.0.1 update", "tracking": { "current_release_date": "2024-11-22T03:34:15+00:00", "generator": { "date": "2024-11-22T03:34:15+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2010:0119", "initial_release_date": "2010-02-23T20:20:00+00:00", "revision_history": [ { "date": "2010-02-23T20:20:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2010-02-23T15:20:08+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T03:34:15+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product": { "name": "Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el4" } } }, { "category": "product_name", "name": "Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product": { "name": "Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el4" } } }, { "category": "product_name", "name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product": { "name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el5" } } } ], "category": "product_family", "name": "Red Hat JBoss Web Server" }, { "branches": [ { "category": "product_version", "name": "jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src", "product": { "name": "jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src", "product_id": "jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-commons-validator@1.3.1-7.4.ep5.el4?arch=src" } } }, { "category": "product_version", "name": "xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src", "product": { "name": "xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src", "product_id": "xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/xerces-j2@2.9.1-2.2_patch_01.ep5.el4?arch=src" } } }, { "category": "product_version", "name": "jakarta-commons-chain-0:1.2-2.1.ep5.el4.src", "product": { "name": "jakarta-commons-chain-0:1.2-2.1.ep5.el4.src", "product_id": "jakarta-commons-chain-0:1.2-2.1.ep5.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-commons-chain@1.2-2.1.ep5.el4?arch=src" } } }, { "category": "product_version", "name": "mod_jk-0:1.2.28-4.ep5.el4.src", "product": { "name": "mod_jk-0:1.2.28-4.ep5.el4.src", "product_id": "mod_jk-0:1.2.28-4.ep5.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_jk@1.2.28-4.ep5.el4?arch=src" } } }, { "category": "product_version", "name": "jakarta-commons-digester-0:1.8.1-7.ep5.el4.src", "product": { "name": "jakarta-commons-digester-0:1.8.1-7.ep5.el4.src", "product_id": "jakarta-commons-digester-0:1.8.1-7.ep5.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-commons-digester@1.8.1-7.ep5.el4?arch=src" } } }, { "category": "product_version", "name": "jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src", "product": { "name": "jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src", "product_id": "jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3.3.ep5.el4?arch=src" } } }, { "category": "product_version", "name": "glassfish-jsf-0:1.2_13-2.ep5.el4.src", "product": { "name": "glassfish-jsf-0:1.2_13-2.ep5.el4.src", "product_id": "glassfish-jsf-0:1.2_13-2.ep5.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/glassfish-jsf@1.2_13-2.ep5.el4?arch=src" } } }, { "category": "product_version", "name": "jboss-javaee-0:5.0.1-2.3.ep5.el4.src", "product": { "name": "jboss-javaee-0:5.0.1-2.3.ep5.el4.src", "product_id": "jboss-javaee-0:5.0.1-2.3.ep5.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-javaee@5.0.1-2.3.ep5.el4?arch=src" } } }, { "category": "product_version", "name": "jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src", "product": { "name": "jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src", "product_id": "jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-oro@2.0.8-3jpp.ep1.3.ep5.el4?arch=src" } } }, { "category": "product_version", "name": "struts12-0:1.2.9-2.ep5.el4.src", "product": { "name": "struts12-0:1.2.9-2.ep5.el4.src", "product_id": "struts12-0:1.2.9-2.ep5.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/struts12@1.2.9-2.ep5.el4?arch=src" } } }, { "category": "product_version", "name": "jakarta-commons-io-0:1.4-1.ep5.el4.src", "product": { "name": "jakarta-commons-io-0:1.4-1.ep5.el4.src", "product_id": "jakarta-commons-io-0:1.4-1.ep5.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-commons-io@1.4-1.ep5.el4?arch=src" } } }, { "category": "product_version", "name": "xml-commons-resolver12-1:1.2-1.1.ep5.el4.src", "product": { "name": "xml-commons-resolver12-1:1.2-1.1.ep5.el4.src", "product_id": "xml-commons-resolver12-1:1.2-1.1.ep5.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/xml-commons-resolver12@1.2-1.1.ep5.el4?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "tomcat-native-0:1.1.19-2.0.ep5.el4.src", "product": { "name": "tomcat-native-0:1.1.19-2.0.ep5.el4.src", "product_id": "tomcat-native-0:1.1.19-2.0.ep5.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat-native@1.1.19-2.0.ep5.el4?arch=src" } } }, { "category": "product_version", "name": "httpd22-0:2.2.14-4.ep5.el4.src", "product": { "name": "httpd22-0:2.2.14-4.ep5.el4.src", "product_id": "httpd22-0:2.2.14-4.ep5.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22@2.2.14-4.ep5.el4?arch=src" } } }, { "category": "product_version", "name": "tomcat6-0:6.0.24-2.ep5.el4.src", "product": { "name": "tomcat6-0:6.0.24-2.ep5.el4.src", "product_id": "tomcat6-0:6.0.24-2.ep5.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6@6.0.24-2.ep5.el4?arch=src" } } }, { "category": "product_version", "name": "tomcat5-0:5.5.28-7.ep5.el4.src", "product": { "name": "tomcat5-0:5.5.28-7.ep5.el4.src", "product_id": "tomcat5-0:5.5.28-7.ep5.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.28-7.ep5.el4?arch=src" } } }, { "category": "product_version", "name": "jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.src", "product": { "name": "jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.src", "product_id": "jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-commons-chain@1.2-2.1.1.ep5.el5?arch=src" } } }, { "category": "product_version", "name": "httpd-0:2.2.14-1.2.1.ep5.el5.src", "product": { "name": "httpd-0:2.2.14-1.2.1.ep5.el5.src", "product_id": "httpd-0:2.2.14-1.2.1.ep5.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.14-1.2.1.ep5.el5?arch=src" } } }, { "category": "product_version", "name": "mod_jk-0:1.2.28-4.1.ep5.el5.src", "product": { "name": "mod_jk-0:1.2.28-4.1.ep5.el5.src", "product_id": "mod_jk-0:1.2.28-4.1.ep5.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_jk@1.2.28-4.1.ep5.el5?arch=src" } } }, { "category": "product_version", "name": "jakarta-oro-0:2.0.8-3.1.ep5.el5.src", "product": { "name": "jakarta-oro-0:2.0.8-3.1.ep5.el5.src", "product_id": "jakarta-oro-0:2.0.8-3.1.ep5.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-oro@2.0.8-3.1.ep5.el5?arch=src" } } }, { "category": "product_version", "name": "struts12-0:1.2.9-2.ep5.el5.src", "product": { "name": "struts12-0:1.2.9-2.ep5.el5.src", "product_id": "struts12-0:1.2.9-2.ep5.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/struts12@1.2.9-2.ep5.el5?arch=src" } } }, { "category": "product_version", "name": "glassfish-jsf-0:1.2_13-3.ep5.el5.src", "product": { "name": "glassfish-jsf-0:1.2_13-3.ep5.el5.src", "product_id": "glassfish-jsf-0:1.2_13-3.ep5.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/glassfish-jsf@1.2_13-3.ep5.el5?arch=src" } } }, { "category": "product_version", "name": "jakarta-commons-io-0:1.4-1.1.ep5.el5.src", "product": { "name": "jakarta-commons-io-0:1.4-1.1.ep5.el5.src", "product_id": "jakarta-commons-io-0:1.4-1.1.ep5.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-commons-io@1.4-1.1.ep5.el5?arch=src" } } }, { "category": "product_version", "name": "tomcat-native-0:1.1.19-2.0.1.ep5.el5.src", "product": { "name": "tomcat-native-0:1.1.19-2.0.1.ep5.el5.src", "product_id": "tomcat-native-0:1.1.19-2.0.1.ep5.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat-native@1.1.19-2.0.1.ep5.el5?arch=src" } } }, { "category": "product_version", "name": "tomcat6-0:6.0.24-2.1.ep5.el5.src", "product": { "name": "tomcat6-0:6.0.24-2.1.ep5.el5.src", "product_id": "tomcat6-0:6.0.24-2.1.ep5.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6@6.0.24-2.1.ep5.el5?arch=src" } } }, { "category": "product_version", "name": "tomcat5-0:5.5.28-7.1.ep5.el5.src", "product": { "name": "tomcat5-0:5.5.28-7.1.ep5.el5.src", "product_id": "tomcat5-0:5.5.28-7.1.ep5.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.28-7.1.ep5.el5?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch", "product": { "name": "jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch", "product_id": "jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-commons-validator@1.3.1-7.4.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch", "product": { "name": "xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch", "product_id": "xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/xerces-j2@2.9.1-2.2_patch_01.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch", "product": { "name": "jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch", "product_id": "jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-commons-chain@1.2-2.1.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch", "product": { "name": "jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch", "product_id": "jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-commons-digester@1.8.1-7.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch", "product": { "name": "jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch", "product_id": "jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3.3.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "glassfish-jsf-0:1.2_13-2.ep5.el4.noarch", "product": { "name": "glassfish-jsf-0:1.2_13-2.ep5.el4.noarch", "product_id": "glassfish-jsf-0:1.2_13-2.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/glassfish-jsf@1.2_13-2.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch", "product": { "name": "jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch", "product_id": "jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-javaee-poms@5.0.1-2.3.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch", "product": { "name": "jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch", "product_id": "jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-transaction-1.0.1-api@5.0.1-2.3.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch", "product": { "name": "jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch", "product_id": "jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-oro@2.0.8-3jpp.ep1.3.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "struts12-0:1.2.9-2.ep5.el4.noarch", "product": { "name": "struts12-0:1.2.9-2.ep5.el4.noarch", "product_id": "struts12-0:1.2.9-2.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/struts12@1.2.9-2.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "jakarta-commons-io-0:1.4-1.ep5.el4.noarch", "product": { "name": "jakarta-commons-io-0:1.4-1.ep5.el4.noarch", "product_id": "jakarta-commons-io-0:1.4-1.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-commons-io@1.4-1.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch", "product": { "name": "xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch", "product_id": "xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/xml-commons-resolver12@1.2-1.1.ep5.el4?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch", "product": { "name": "tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch", "product_id": "tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-docs-webapp@6.0.24-2.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch", "product": { "name": "tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch", "product_id": "tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-servlet-2.5-api@6.0.24-2.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch", "product": { "name": "tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch", "product_id": "tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-webapps@6.0.24-2.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch", "product": { "name": "tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch", "product_id": "tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-admin-webapps@6.0.24-2.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-0:6.0.24-2.ep5.el4.noarch", "product": { "name": "tomcat6-0:6.0.24-2.ep5.el4.noarch", "product_id": "tomcat6-0:6.0.24-2.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6@6.0.24-2.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch", "product": { "name": "tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch", "product_id": "tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-jsp-2.1-api@6.0.24-2.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-lib-0:6.0.24-2.ep5.el4.noarch", "product": { "name": "tomcat6-lib-0:6.0.24-2.ep5.el4.noarch", "product_id": "tomcat6-lib-0:6.0.24-2.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-lib@6.0.24-2.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch", "product": { "name": "tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch", "product_id": "tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-el-1.0-api@6.0.24-2.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch", "product": { "name": "tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch", "product_id": "tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-javadoc@6.0.24-2.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch", "product": { "name": "tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch", "product_id": "tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-log4j@6.0.24-2.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "product": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.28-7.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch", "product": { "name": "tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch", "product_id": "tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper-eclipse@5.5.28-7.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch", "product": { "name": "tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch", "product_id": "tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.28-7.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-0:5.5.28-7.ep5.el4.noarch", "product": { "name": "tomcat5-0:5.5.28-7.ep5.el4.noarch", "product_id": "tomcat5-0:5.5.28-7.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.28-7.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch", "product": { "name": "tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch", "product_id": "tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.28-7.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch", "product": { "name": "tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch", "product_id": "tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.28-7.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch", "product": { "name": "tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch", "product_id": "tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.28-7.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch", "product": { "name": "tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch", "product_id": "tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.28-7.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-parent-0:5.5.28-7.ep5.el4.noarch", "product": { "name": "tomcat5-parent-0:5.5.28-7.ep5.el4.noarch", "product_id": "tomcat5-parent-0:5.5.28-7.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-parent@5.5.28-7.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "product": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.28-7.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch", "product": { "name": "tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch", "product_id": "tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.28-7.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch", "product": { "name": "tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch", "product_id": "tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.28-7.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch", "product": { "name": "tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch", "product_id": "tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.28-7.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.noarch", "product": { "name": "jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.noarch", "product_id": "jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-commons-chain@1.2-2.1.1.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "jakarta-oro-0:2.0.8-3.1.ep5.el5.noarch", "product": { "name": "jakarta-oro-0:2.0.8-3.1.ep5.el5.noarch", "product_id": "jakarta-oro-0:2.0.8-3.1.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-oro@2.0.8-3.1.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "struts12-0:1.2.9-2.ep5.el5.noarch", "product": { "name": "struts12-0:1.2.9-2.ep5.el5.noarch", "product_id": "struts12-0:1.2.9-2.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/struts12@1.2.9-2.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "glassfish-jsf-0:1.2_13-3.ep5.el5.noarch", "product": { "name": "glassfish-jsf-0:1.2_13-3.ep5.el5.noarch", "product_id": "glassfish-jsf-0:1.2_13-3.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/glassfish-jsf@1.2_13-3.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "jakarta-commons-io-0:1.4-1.1.ep5.el5.noarch", "product": { "name": "jakarta-commons-io-0:1.4-1.1.ep5.el5.noarch", "product_id": "jakarta-commons-io-0:1.4-1.1.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jakarta-commons-io@1.4-1.1.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-0:6.0.24-2.1.ep5.el5.noarch", "product": { "name": "tomcat6-0:6.0.24-2.1.ep5.el5.noarch", "product_id": "tomcat6-0:6.0.24-2.1.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6@6.0.24-2.1.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-lib-0:6.0.24-2.1.ep5.el5.noarch", "product": { "name": "tomcat6-lib-0:6.0.24-2.1.ep5.el5.noarch", "product_id": "tomcat6-lib-0:6.0.24-2.1.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-lib@6.0.24-2.1.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-el-1.0-api-0:6.0.24-2.1.ep5.el5.noarch", "product": { "name": "tomcat6-el-1.0-api-0:6.0.24-2.1.ep5.el5.noarch", "product_id": "tomcat6-el-1.0-api-0:6.0.24-2.1.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-el-1.0-api@6.0.24-2.1.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-docs-webapp-0:6.0.24-2.1.ep5.el5.noarch", "product": { "name": "tomcat6-docs-webapp-0:6.0.24-2.1.ep5.el5.noarch", "product_id": "tomcat6-docs-webapp-0:6.0.24-2.1.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-docs-webapp@6.0.24-2.1.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-javadoc-0:6.0.24-2.1.ep5.el5.noarch", "product": { "name": "tomcat6-javadoc-0:6.0.24-2.1.ep5.el5.noarch", "product_id": "tomcat6-javadoc-0:6.0.24-2.1.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-javadoc@6.0.24-2.1.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-jsp-2.1-api-0:6.0.24-2.1.ep5.el5.noarch", "product": { "name": "tomcat6-jsp-2.1-api-0:6.0.24-2.1.ep5.el5.noarch", "product_id": "tomcat6-jsp-2.1-api-0:6.0.24-2.1.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-jsp-2.1-api@6.0.24-2.1.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-webapps-0:6.0.24-2.1.ep5.el5.noarch", "product": { "name": "tomcat6-webapps-0:6.0.24-2.1.ep5.el5.noarch", "product_id": "tomcat6-webapps-0:6.0.24-2.1.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-webapps@6.0.24-2.1.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-admin-webapps-0:6.0.24-2.1.ep5.el5.noarch", "product": { "name": "tomcat6-admin-webapps-0:6.0.24-2.1.ep5.el5.noarch", "product_id": "tomcat6-admin-webapps-0:6.0.24-2.1.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-admin-webapps@6.0.24-2.1.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-log4j-0:6.0.24-2.1.ep5.el5.noarch", "product": { "name": "tomcat6-log4j-0:6.0.24-2.1.ep5.el5.noarch", "product_id": "tomcat6-log4j-0:6.0.24-2.1.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-log4j@6.0.24-2.1.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat6-servlet-2.5-api-0:6.0.24-2.1.ep5.el5.noarch", "product": { "name": "tomcat6-servlet-2.5-api-0:6.0.24-2.1.ep5.el5.noarch", "product_id": "tomcat6-servlet-2.5-api-0:6.0.24-2.1.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat6-servlet-2.5-api@6.0.24-2.1.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jasper-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "product": { "name": "tomcat5-jasper-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "product_id": "tomcat5-jasper-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.28-7.1.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-server-lib-0:5.5.28-7.1.ep5.el5.noarch", "product": { "name": "tomcat5-server-lib-0:5.5.28-7.1.ep5.el5.noarch", "product_id": "tomcat5-server-lib-0:5.5.28-7.1.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.28-7.1.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jasper-eclipse-0:5.5.28-7.1.ep5.el5.noarch", "product": { "name": "tomcat5-jasper-eclipse-0:5.5.28-7.1.ep5.el5.noarch", "product_id": "tomcat5-jasper-eclipse-0:5.5.28-7.1.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper-eclipse@5.5.28-7.1.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-admin-webapps-0:5.5.28-7.1.ep5.el5.noarch", "product": { "name": "tomcat5-admin-webapps-0:5.5.28-7.1.ep5.el5.noarch", "product_id": "tomcat5-admin-webapps-0:5.5.28-7.1.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.28-7.1.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-0:5.5.28-7.1.ep5.el5.noarch", "product": { "name": "tomcat5-servlet-2.4-api-0:5.5.28-7.1.ep5.el5.noarch", "product_id": "tomcat5-servlet-2.4-api-0:5.5.28-7.1.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.28-7.1.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-0:5.5.28-7.1.ep5.el5.noarch", "product": { "name": "tomcat5-jsp-2.0-api-0:5.5.28-7.1.ep5.el5.noarch", "product_id": "tomcat5-jsp-2.0-api-0:5.5.28-7.1.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.28-7.1.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "product": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.28-7.1.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-webapps-0:5.5.28-7.1.ep5.el5.noarch", "product": { "name": "tomcat5-webapps-0:5.5.28-7.1.ep5.el5.noarch", "product_id": "tomcat5-webapps-0:5.5.28-7.1.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.28-7.1.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "product": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.28-7.1.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-0:5.5.28-7.1.ep5.el5.noarch", "product": { "name": "tomcat5-0:5.5.28-7.1.ep5.el5.noarch", "product_id": "tomcat5-0:5.5.28-7.1.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5@5.5.28-7.1.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-parent-0:5.5.28-7.1.ep5.el5.noarch", "product": { "name": "tomcat5-parent-0:5.5.28-7.1.ep5.el5.noarch", "product_id": "tomcat5-parent-0:5.5.28-7.1.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-parent@5.5.28-7.1.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-common-lib-0:5.5.28-7.1.ep5.el5.noarch", "product": { "name": "tomcat5-common-lib-0:5.5.28-7.1.ep5.el5.noarch", "product_id": "tomcat5-common-lib-0:5.5.28-7.1.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.28-7.1.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "tomcat5-jasper-0:5.5.28-7.1.ep5.el5.noarch", "product": { "name": "tomcat5-jasper-0:5.5.28-7.1.ep5.el5.noarch", "product_id": "tomcat5-jasper-0:5.5.28-7.1.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.28-7.1.ep5.el5?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64", "product": { "name": "mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64", "product_id": "mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_jk-ap20@1.2.28-4.ep5.el4?arch=x86_64" } } }, { "category": "product_version", "name": "mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64", "product": { "name": "mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64", "product_id": "mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_jk-manual@1.2.28-4.ep5.el4?arch=x86_64" } } }, { "category": "product_version", "name": "mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64", "product": { "name": "mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64", "product_id": "mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_jk-debuginfo@1.2.28-4.ep5.el4?arch=x86_64" } } }, { "category": "product_version", "name": "tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64", "product": { "name": "tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64", "product_id": "tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat-native-debuginfo@1.1.19-2.0.ep5.el4?arch=x86_64" } } }, { "category": "product_version", "name": "tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64", "product": { "name": "tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64", "product_id": "tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat-native@1.1.19-2.0.ep5.el4?arch=x86_64" } } }, { "category": "product_version", "name": "httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64", "product": { "name": "httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64", "product_id": "httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-apr-util-devel@2.2.14-4.ep5.el4?arch=x86_64" } } }, { "category": "product_version", "name": "httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64", "product": { "name": "httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64", "product_id": "httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-apr-util@2.2.14-4.ep5.el4?arch=x86_64" } } }, { "category": "product_version", "name": "httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64", "product": { "name": "httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64", "product_id": "httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-debuginfo@2.2.14-4.ep5.el4?arch=x86_64" } } }, { "category": "product_version", "name": "httpd22-apr-0:2.2.14-4.ep5.el4.x86_64", "product": { "name": "httpd22-apr-0:2.2.14-4.ep5.el4.x86_64", "product_id": "httpd22-apr-0:2.2.14-4.ep5.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-apr@2.2.14-4.ep5.el4?arch=x86_64" } } }, { "category": "product_version", "name": "httpd22-0:2.2.14-4.ep5.el4.x86_64", "product": { "name": "httpd22-0:2.2.14-4.ep5.el4.x86_64", "product_id": "httpd22-0:2.2.14-4.ep5.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22@2.2.14-4.ep5.el4?arch=x86_64" } } }, { "category": "product_version", "name": "httpd22-manual-0:2.2.14-4.ep5.el4.x86_64", "product": { "name": "httpd22-manual-0:2.2.14-4.ep5.el4.x86_64", "product_id": "httpd22-manual-0:2.2.14-4.ep5.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-manual@2.2.14-4.ep5.el4?arch=x86_64" } } }, { "category": "product_version", "name": "httpd22-devel-0:2.2.14-4.ep5.el4.x86_64", "product": { "name": "httpd22-devel-0:2.2.14-4.ep5.el4.x86_64", "product_id": "httpd22-devel-0:2.2.14-4.ep5.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-devel@2.2.14-4.ep5.el4?arch=x86_64" } } }, { "category": "product_version", "name": "httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64", "product": { "name": "httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64", "product_id": "httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-apr-devel@2.2.14-4.ep5.el4?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ssl22-1:2.2.14-4.ep5.el4.x86_64", "product": { "name": "mod_ssl22-1:2.2.14-4.ep5.el4.x86_64", "product_id": "mod_ssl22-1:2.2.14-4.ep5.el4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl22@2.2.14-4.ep5.el4?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-0:2.2.14-1.2.1.ep5.el5.x86_64", "product": { "name": "httpd-0:2.2.14-1.2.1.ep5.el5.x86_64", "product_id": "httpd-0:2.2.14-1.2.1.ep5.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.14-1.2.1.ep5.el5?arch=x86_64" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.14-1.2.1.ep5.el5.x86_64", "product": { "name": "mod_ssl-1:2.2.14-1.2.1.ep5.el5.x86_64", "product_id": "mod_ssl-1:2.2.14-1.2.1.ep5.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.14-1.2.1.ep5.el5?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-manual-0:2.2.14-1.2.1.ep5.el5.x86_64", "product": { "name": "httpd-manual-0:2.2.14-1.2.1.ep5.el5.x86_64", "product_id": "httpd-manual-0:2.2.14-1.2.1.ep5.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.14-1.2.1.ep5.el5?arch=x86_64" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.14-1.2.1.ep5.el5.x86_64", "product": { "name": "httpd-devel-0:2.2.14-1.2.1.ep5.el5.x86_64", "product_id": "httpd-devel-0:2.2.14-1.2.1.ep5.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.14-1.2.1.ep5.el5?arch=x86_64" } } }, { "category": "product_version", "name": "mod_jk-ap20-0:1.2.28-4.1.ep5.el5.x86_64", "product": { "name": "mod_jk-ap20-0:1.2.28-4.1.ep5.el5.x86_64", "product_id": "mod_jk-ap20-0:1.2.28-4.1.ep5.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_jk-ap20@1.2.28-4.1.ep5.el5?arch=x86_64" } } }, { "category": "product_version", "name": "mod_jk-manual-0:1.2.28-4.1.ep5.el5.x86_64", "product": { "name": "mod_jk-manual-0:1.2.28-4.1.ep5.el5.x86_64", "product_id": "mod_jk-manual-0:1.2.28-4.1.ep5.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_jk-manual@1.2.28-4.1.ep5.el5?arch=x86_64" } } }, { "category": "product_version", "name": "tomcat-native-0:1.1.19-2.0.1.ep5.el5.x86_64", "product": { "name": "tomcat-native-0:1.1.19-2.0.1.ep5.el5.x86_64", "product_id": "tomcat-native-0:1.1.19-2.0.1.ep5.el5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat-native@1.1.19-2.0.1.ep5.el5?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "mod_jk-ap20-0:1.2.28-4.ep5.el4.i386", "product": { "name": "mod_jk-ap20-0:1.2.28-4.ep5.el4.i386", "product_id": "mod_jk-ap20-0:1.2.28-4.ep5.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_jk-ap20@1.2.28-4.ep5.el4?arch=i386" } } }, { "category": "product_version", "name": "mod_jk-manual-0:1.2.28-4.ep5.el4.i386", "product": { "name": "mod_jk-manual-0:1.2.28-4.ep5.el4.i386", "product_id": "mod_jk-manual-0:1.2.28-4.ep5.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_jk-manual@1.2.28-4.ep5.el4?arch=i386" } } }, { "category": "product_version", "name": "mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386", "product": { "name": "mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386", "product_id": "mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_jk-debuginfo@1.2.28-4.ep5.el4?arch=i386" } } }, { "category": "product_version", "name": "tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386", "product": { "name": "tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386", "product_id": "tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat-native-debuginfo@1.1.19-2.0.ep5.el4?arch=i386" } } }, { "category": "product_version", "name": "tomcat-native-0:1.1.19-2.0.ep5.el4.i386", "product": { "name": "tomcat-native-0:1.1.19-2.0.ep5.el4.i386", "product_id": "tomcat-native-0:1.1.19-2.0.ep5.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat-native@1.1.19-2.0.ep5.el4?arch=i386" } } }, { "category": "product_version", "name": "httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386", "product": { "name": "httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386", "product_id": "httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-apr-util-devel@2.2.14-4.ep5.el4?arch=i386" } } }, { "category": "product_version", "name": "httpd22-apr-util-0:2.2.14-4.ep5.el4.i386", "product": { "name": "httpd22-apr-util-0:2.2.14-4.ep5.el4.i386", "product_id": "httpd22-apr-util-0:2.2.14-4.ep5.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-apr-util@2.2.14-4.ep5.el4?arch=i386" } } }, { "category": "product_version", "name": "httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386", "product": { "name": "httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386", "product_id": "httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-debuginfo@2.2.14-4.ep5.el4?arch=i386" } } }, { "category": "product_version", "name": "httpd22-apr-0:2.2.14-4.ep5.el4.i386", "product": { "name": "httpd22-apr-0:2.2.14-4.ep5.el4.i386", "product_id": "httpd22-apr-0:2.2.14-4.ep5.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-apr@2.2.14-4.ep5.el4?arch=i386" } } }, { "category": "product_version", "name": "httpd22-0:2.2.14-4.ep5.el4.i386", "product": { "name": "httpd22-0:2.2.14-4.ep5.el4.i386", "product_id": "httpd22-0:2.2.14-4.ep5.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22@2.2.14-4.ep5.el4?arch=i386" } } }, { "category": "product_version", "name": "httpd22-manual-0:2.2.14-4.ep5.el4.i386", "product": { "name": "httpd22-manual-0:2.2.14-4.ep5.el4.i386", "product_id": "httpd22-manual-0:2.2.14-4.ep5.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-manual@2.2.14-4.ep5.el4?arch=i386" } } }, { "category": "product_version", "name": "httpd22-devel-0:2.2.14-4.ep5.el4.i386", "product": { "name": "httpd22-devel-0:2.2.14-4.ep5.el4.i386", "product_id": "httpd22-devel-0:2.2.14-4.ep5.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-devel@2.2.14-4.ep5.el4?arch=i386" } } }, { "category": "product_version", "name": "httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386", "product": { "name": "httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386", "product_id": "httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd22-apr-devel@2.2.14-4.ep5.el4?arch=i386" } } }, { "category": "product_version", "name": "mod_ssl22-1:2.2.14-4.ep5.el4.i386", "product": { "name": "mod_ssl22-1:2.2.14-4.ep5.el4.i386", "product_id": "mod_ssl22-1:2.2.14-4.ep5.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl22@2.2.14-4.ep5.el4?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-0:2.2.14-1.2.1.ep5.el5.i386", "product": { "name": "httpd-0:2.2.14-1.2.1.ep5.el5.i386", "product_id": "httpd-0:2.2.14-1.2.1.ep5.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd@2.2.14-1.2.1.ep5.el5?arch=i386" } } }, { "category": "product_version", "name": "mod_ssl-1:2.2.14-1.2.1.ep5.el5.i386", "product": { "name": "mod_ssl-1:2.2.14-1.2.1.ep5.el5.i386", "product_id": "mod_ssl-1:2.2.14-1.2.1.ep5.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_ssl@2.2.14-1.2.1.ep5.el5?arch=i386\u0026epoch=1" } } }, { "category": "product_version", "name": "httpd-manual-0:2.2.14-1.2.1.ep5.el5.i386", "product": { "name": "httpd-manual-0:2.2.14-1.2.1.ep5.el5.i386", "product_id": "httpd-manual-0:2.2.14-1.2.1.ep5.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-manual@2.2.14-1.2.1.ep5.el5?arch=i386" } } }, { "category": "product_version", "name": "httpd-devel-0:2.2.14-1.2.1.ep5.el5.i386", "product": { "name": "httpd-devel-0:2.2.14-1.2.1.ep5.el5.i386", "product_id": "httpd-devel-0:2.2.14-1.2.1.ep5.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/httpd-devel@2.2.14-1.2.1.ep5.el5?arch=i386" } } }, { "category": "product_version", "name": "mod_jk-ap20-0:1.2.28-4.1.ep5.el5.i386", "product": { "name": "mod_jk-ap20-0:1.2.28-4.1.ep5.el5.i386", "product_id": "mod_jk-ap20-0:1.2.28-4.1.ep5.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_jk-ap20@1.2.28-4.1.ep5.el5?arch=i386" } } }, { "category": "product_version", "name": "mod_jk-manual-0:1.2.28-4.1.ep5.el5.i386", "product": { "name": "mod_jk-manual-0:1.2.28-4.1.ep5.el5.i386", "product_id": "mod_jk-manual-0:1.2.28-4.1.ep5.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_jk-manual@1.2.28-4.1.ep5.el5?arch=i386" } } }, { "category": "product_version", "name": "tomcat-native-0:1.1.19-2.0.1.ep5.el5.i386", "product": { "name": "tomcat-native-0:1.1.19-2.0.1.ep5.el5.i386", "product_id": "tomcat-native-0:1.1.19-2.0.1.ep5.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat-native@1.1.19-2.0.1.ep5.el5?arch=i386" } } } ], "category": "architecture", "name": "i386" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "glassfish-jsf-0:1.2_13-2.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.noarch" }, "product_reference": "glassfish-jsf-0:1.2_13-2.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "glassfish-jsf-0:1.2_13-2.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.src" }, "product_reference": "glassfish-jsf-0:1.2_13-2.ep5.el4.src", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-0:2.2.14-4.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.i386" }, "product_reference": "httpd22-0:2.2.14-4.ep5.el4.i386", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-0:2.2.14-4.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.src" }, "product_reference": "httpd22-0:2.2.14-4.ep5.el4.src", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-0:2.2.14-4.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.x86_64" }, "product_reference": "httpd22-0:2.2.14-4.ep5.el4.x86_64", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-apr-0:2.2.14-4.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.i386" }, "product_reference": "httpd22-apr-0:2.2.14-4.ep5.el4.i386", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-apr-0:2.2.14-4.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.x86_64" }, "product_reference": "httpd22-apr-0:2.2.14-4.ep5.el4.x86_64", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386" }, "product_reference": "httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64" }, "product_reference": "httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-apr-util-0:2.2.14-4.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.i386" }, "product_reference": "httpd22-apr-util-0:2.2.14-4.ep5.el4.i386", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64" }, "product_reference": "httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386" }, "product_reference": "httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64" }, "product_reference": "httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386" }, "product_reference": "httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64" }, "product_reference": "httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-devel-0:2.2.14-4.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.i386" }, "product_reference": "httpd22-devel-0:2.2.14-4.ep5.el4.i386", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-devel-0:2.2.14-4.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.x86_64" }, "product_reference": "httpd22-devel-0:2.2.14-4.ep5.el4.x86_64", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-manual-0:2.2.14-4.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.i386" }, "product_reference": "httpd22-manual-0:2.2.14-4.ep5.el4.i386", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-manual-0:2.2.14-4.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.x86_64" }, "product_reference": "httpd22-manual-0:2.2.14-4.ep5.el4.x86_64", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch" }, "product_reference": "jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-chain-0:1.2-2.1.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.src" }, "product_reference": "jakarta-commons-chain-0:1.2-2.1.ep5.el4.src", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch" }, "product_reference": "jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-digester-0:1.8.1-7.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.src" }, "product_reference": "jakarta-commons-digester-0:1.8.1-7.ep5.el4.src", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-io-0:1.4-1.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.noarch" }, "product_reference": "jakarta-commons-io-0:1.4-1.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-io-0:1.4-1.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.src" }, "product_reference": "jakarta-commons-io-0:1.4-1.ep5.el4.src", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch" }, "product_reference": "jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src" }, "product_reference": "jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch" }, "product_reference": "jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src" }, "product_reference": "jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch" }, "product_reference": "jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src" }, "product_reference": "jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-javaee-0:5.0.1-2.3.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:jboss-javaee-0:5.0.1-2.3.ep5.el4.src" }, "product_reference": "jboss-javaee-0:5.0.1-2.3.ep5.el4.src", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch" }, "product_reference": "jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch" }, "product_reference": "jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "mod_jk-0:1.2.28-4.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:mod_jk-0:1.2.28-4.ep5.el4.src" }, "product_reference": "mod_jk-0:1.2.28-4.ep5.el4.src", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "mod_jk-ap20-0:1.2.28-4.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.i386" }, "product_reference": "mod_jk-ap20-0:1.2.28-4.ep5.el4.i386", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64" }, "product_reference": "mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386" }, "product_reference": "mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64" }, "product_reference": "mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "mod_jk-manual-0:1.2.28-4.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.i386" }, "product_reference": "mod_jk-manual-0:1.2.28-4.ep5.el4.i386", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64" }, "product_reference": "mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl22-1:2.2.14-4.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.i386" }, "product_reference": "mod_ssl22-1:2.2.14-4.ep5.el4.i386", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl22-1:2.2.14-4.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.x86_64" }, "product_reference": "mod_ssl22-1:2.2.14-4.ep5.el4.x86_64", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "struts12-0:1.2.9-2.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.noarch" }, "product_reference": "struts12-0:1.2.9-2.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "struts12-0:1.2.9-2.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.src" }, "product_reference": "struts12-0:1.2.9-2.ep5.el4.src", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-native-0:1.1.19-2.0.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.i386" }, "product_reference": "tomcat-native-0:1.1.19-2.0.ep5.el4.i386", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-native-0:1.1.19-2.0.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.src" }, "product_reference": "tomcat-native-0:1.1.19-2.0.ep5.el4.src", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64" }, "product_reference": "tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386" }, "product_reference": "tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64" }, "product_reference": "tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.28-7.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.noarch" }, "product_reference": "tomcat5-0:5.5.28-7.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.28-7.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.src" }, "product_reference": "tomcat5-0:5.5.28-7.ep5.el4.src", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch" }, "product_reference": "tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch" }, "product_reference": "tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch" }, "product_reference": "tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch" }, "product_reference": "tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-parent-0:5.5.28-7.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.ep5.el4.noarch" }, "product_reference": "tomcat5-parent-0:5.5.28-7.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch" }, "product_reference": "tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch" }, "product_reference": "tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-0:6.0.24-2.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.noarch" }, "product_reference": "tomcat6-0:6.0.24-2.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-0:6.0.24-2.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.src" }, "product_reference": "tomcat6-0:6.0.24-2.ep5.el4.src", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch" }, "product_reference": "tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch" }, "product_reference": "tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch" }, "product_reference": "tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch" }, "product_reference": "tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch" }, "product_reference": "tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-lib-0:6.0.24-2.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.ep5.el4.noarch" }, "product_reference": "tomcat6-lib-0:6.0.24-2.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch" }, "product_reference": "tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch" }, "product_reference": "tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch" }, "product_reference": "tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch" }, "product_reference": "xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src" }, "product_reference": "xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch" }, "product_reference": "xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "xml-commons-resolver12-1:1.2-1.1.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS", "product_id": "4AS-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.src" }, "product_reference": "xml-commons-resolver12-1:1.2-1.1.ep5.el4.src", "relates_to_product_reference": "4AS-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "glassfish-jsf-0:1.2_13-2.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.noarch" }, "product_reference": "glassfish-jsf-0:1.2_13-2.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "glassfish-jsf-0:1.2_13-2.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.src" }, "product_reference": "glassfish-jsf-0:1.2_13-2.ep5.el4.src", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-0:2.2.14-4.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.i386" }, "product_reference": "httpd22-0:2.2.14-4.ep5.el4.i386", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-0:2.2.14-4.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.src" }, "product_reference": "httpd22-0:2.2.14-4.ep5.el4.src", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-0:2.2.14-4.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.x86_64" }, "product_reference": "httpd22-0:2.2.14-4.ep5.el4.x86_64", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-apr-0:2.2.14-4.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.i386" }, "product_reference": "httpd22-apr-0:2.2.14-4.ep5.el4.i386", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-apr-0:2.2.14-4.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.x86_64" }, "product_reference": "httpd22-apr-0:2.2.14-4.ep5.el4.x86_64", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386" }, "product_reference": "httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64" }, "product_reference": "httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-apr-util-0:2.2.14-4.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.i386" }, "product_reference": "httpd22-apr-util-0:2.2.14-4.ep5.el4.i386", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64" }, "product_reference": "httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386" }, "product_reference": "httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64" }, "product_reference": "httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386" }, "product_reference": "httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64" }, "product_reference": "httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-devel-0:2.2.14-4.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.i386" }, "product_reference": "httpd22-devel-0:2.2.14-4.ep5.el4.i386", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-devel-0:2.2.14-4.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.x86_64" }, "product_reference": "httpd22-devel-0:2.2.14-4.ep5.el4.x86_64", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-manual-0:2.2.14-4.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.i386" }, "product_reference": "httpd22-manual-0:2.2.14-4.ep5.el4.i386", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd22-manual-0:2.2.14-4.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.x86_64" }, "product_reference": "httpd22-manual-0:2.2.14-4.ep5.el4.x86_64", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch" }, "product_reference": "jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-chain-0:1.2-2.1.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.src" }, "product_reference": "jakarta-commons-chain-0:1.2-2.1.ep5.el4.src", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch" }, "product_reference": "jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-digester-0:1.8.1-7.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.src" }, "product_reference": "jakarta-commons-digester-0:1.8.1-7.ep5.el4.src", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-io-0:1.4-1.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.noarch" }, "product_reference": "jakarta-commons-io-0:1.4-1.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-io-0:1.4-1.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.src" }, "product_reference": "jakarta-commons-io-0:1.4-1.ep5.el4.src", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch" }, "product_reference": "jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src" }, "product_reference": "jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch" }, "product_reference": "jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src" }, "product_reference": "jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch" }, "product_reference": "jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src" }, "product_reference": "jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-javaee-0:5.0.1-2.3.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:jboss-javaee-0:5.0.1-2.3.ep5.el4.src" }, "product_reference": "jboss-javaee-0:5.0.1-2.3.ep5.el4.src", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch" }, "product_reference": "jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch" }, "product_reference": "jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "mod_jk-0:1.2.28-4.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:mod_jk-0:1.2.28-4.ep5.el4.src" }, "product_reference": "mod_jk-0:1.2.28-4.ep5.el4.src", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "mod_jk-ap20-0:1.2.28-4.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.i386" }, "product_reference": "mod_jk-ap20-0:1.2.28-4.ep5.el4.i386", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64" }, "product_reference": "mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386" }, "product_reference": "mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64" }, "product_reference": "mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "mod_jk-manual-0:1.2.28-4.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.i386" }, "product_reference": "mod_jk-manual-0:1.2.28-4.ep5.el4.i386", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64" }, "product_reference": "mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl22-1:2.2.14-4.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.i386" }, "product_reference": "mod_ssl22-1:2.2.14-4.ep5.el4.i386", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl22-1:2.2.14-4.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.x86_64" }, "product_reference": "mod_ssl22-1:2.2.14-4.ep5.el4.x86_64", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "struts12-0:1.2.9-2.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.noarch" }, "product_reference": "struts12-0:1.2.9-2.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "struts12-0:1.2.9-2.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.src" }, "product_reference": "struts12-0:1.2.9-2.ep5.el4.src", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-native-0:1.1.19-2.0.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.i386" }, "product_reference": "tomcat-native-0:1.1.19-2.0.ep5.el4.i386", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-native-0:1.1.19-2.0.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.src" }, "product_reference": "tomcat-native-0:1.1.19-2.0.ep5.el4.src", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64" }, "product_reference": "tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386" }, "product_reference": "tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64" }, "product_reference": "tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.28-7.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.noarch" }, "product_reference": "tomcat5-0:5.5.28-7.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.28-7.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.src" }, "product_reference": "tomcat5-0:5.5.28-7.ep5.el4.src", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch" }, "product_reference": "tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch" }, "product_reference": "tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch" }, "product_reference": "tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch" }, "product_reference": "tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-parent-0:5.5.28-7.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.ep5.el4.noarch" }, "product_reference": "tomcat5-parent-0:5.5.28-7.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch" }, "product_reference": "tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch" }, "product_reference": "tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-0:6.0.24-2.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.noarch" }, "product_reference": "tomcat6-0:6.0.24-2.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-0:6.0.24-2.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.src" }, "product_reference": "tomcat6-0:6.0.24-2.ep5.el4.src", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch" }, "product_reference": "tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch" }, "product_reference": "tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch" }, "product_reference": "tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch" }, "product_reference": "tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch" }, "product_reference": "tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-lib-0:6.0.24-2.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.ep5.el4.noarch" }, "product_reference": "tomcat6-lib-0:6.0.24-2.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch" }, "product_reference": "tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch" }, "product_reference": "tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch" }, "product_reference": "tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch" }, "product_reference": "xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src" }, "product_reference": "xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch" }, "product_reference": "xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "xml-commons-resolver12-1:1.2-1.1.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES", "product_id": "4ES-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.src" }, "product_reference": "xml-commons-resolver12-1:1.2-1.1.ep5.el4.src", "relates_to_product_reference": "4ES-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "glassfish-jsf-0:1.2_13-3.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-3.ep5.el5.noarch" }, "product_reference": "glassfish-jsf-0:1.2_13-3.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "glassfish-jsf-0:1.2_13-3.ep5.el5.src as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-3.ep5.el5.src" }, "product_reference": "glassfish-jsf-0:1.2_13-3.ep5.el5.src", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.14-1.2.1.ep5.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.i386" }, "product_reference": "httpd-0:2.2.14-1.2.1.ep5.el5.i386", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.14-1.2.1.ep5.el5.src as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.src" }, "product_reference": "httpd-0:2.2.14-1.2.1.ep5.el5.src", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-0:2.2.14-1.2.1.ep5.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.x86_64" }, "product_reference": "httpd-0:2.2.14-1.2.1.ep5.el5.x86_64", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.14-1.2.1.ep5.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.14-1.2.1.ep5.el5.i386" }, "product_reference": "httpd-devel-0:2.2.14-1.2.1.ep5.el5.i386", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-devel-0:2.2.14-1.2.1.ep5.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.14-1.2.1.ep5.el5.x86_64" }, "product_reference": "httpd-devel-0:2.2.14-1.2.1.ep5.el5.x86_64", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.14-1.2.1.ep5.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.14-1.2.1.ep5.el5.i386" }, "product_reference": "httpd-manual-0:2.2.14-1.2.1.ep5.el5.i386", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "httpd-manual-0:2.2.14-1.2.1.ep5.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.14-1.2.1.ep5.el5.x86_64" }, "product_reference": "httpd-manual-0:2.2.14-1.2.1.ep5.el5.x86_64", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.noarch" }, "product_reference": "jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.src as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.src" }, "product_reference": "jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.src", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-io-0:1.4-1.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.1.ep5.el5.noarch" }, "product_reference": "jakarta-commons-io-0:1.4-1.1.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-commons-io-0:1.4-1.1.ep5.el5.src as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.1.ep5.el5.src" }, "product_reference": "jakarta-commons-io-0:1.4-1.1.ep5.el5.src", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-oro-0:2.0.8-3.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3.1.ep5.el5.noarch" }, "product_reference": "jakarta-oro-0:2.0.8-3.1.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "jakarta-oro-0:2.0.8-3.1.ep5.el5.src as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3.1.ep5.el5.src" }, "product_reference": "jakarta-oro-0:2.0.8-3.1.ep5.el5.src", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "mod_jk-0:1.2.28-4.1.ep5.el5.src as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:mod_jk-0:1.2.28-4.1.ep5.el5.src" }, "product_reference": "mod_jk-0:1.2.28-4.1.ep5.el5.src", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "mod_jk-ap20-0:1.2.28-4.1.ep5.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.1.ep5.el5.i386" }, "product_reference": "mod_jk-ap20-0:1.2.28-4.1.ep5.el5.i386", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "mod_jk-ap20-0:1.2.28-4.1.ep5.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.1.ep5.el5.x86_64" }, "product_reference": "mod_jk-ap20-0:1.2.28-4.1.ep5.el5.x86_64", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "mod_jk-manual-0:1.2.28-4.1.ep5.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.1.ep5.el5.i386" }, "product_reference": "mod_jk-manual-0:1.2.28-4.1.ep5.el5.i386", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "mod_jk-manual-0:1.2.28-4.1.ep5.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.1.ep5.el5.x86_64" }, "product_reference": "mod_jk-manual-0:1.2.28-4.1.ep5.el5.x86_64", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.14-1.2.1.ep5.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.14-1.2.1.ep5.el5.i386" }, "product_reference": "mod_ssl-1:2.2.14-1.2.1.ep5.el5.i386", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "mod_ssl-1:2.2.14-1.2.1.ep5.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.14-1.2.1.ep5.el5.x86_64" }, "product_reference": "mod_ssl-1:2.2.14-1.2.1.ep5.el5.x86_64", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "struts12-0:1.2.9-2.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el5.noarch" }, "product_reference": "struts12-0:1.2.9-2.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "struts12-0:1.2.9-2.ep5.el5.src as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el5.src" }, "product_reference": "struts12-0:1.2.9-2.ep5.el5.src", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-native-0:1.1.19-2.0.1.ep5.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.i386" }, "product_reference": "tomcat-native-0:1.1.19-2.0.1.ep5.el5.i386", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-native-0:1.1.19-2.0.1.ep5.el5.src as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.src" }, "product_reference": "tomcat-native-0:1.1.19-2.0.1.ep5.el5.src", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-native-0:1.1.19-2.0.1.ep5.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.x86_64" }, "product_reference": "tomcat-native-0:1.1.19-2.0.1.ep5.el5.x86_64", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.28-7.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat5-0:5.5.28-7.1.ep5.el5.noarch" }, "product_reference": "tomcat5-0:5.5.28-7.1.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-0:5.5.28-7.1.ep5.el5.src as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat5-0:5.5.28-7.1.ep5.el5.src" }, "product_reference": "tomcat5-0:5.5.28-7.1.ep5.el5.src", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-admin-webapps-0:5.5.28-7.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.1.ep5.el5.noarch" }, "product_reference": "tomcat5-admin-webapps-0:5.5.28-7.1.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-common-lib-0:5.5.28-7.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.1.ep5.el5.noarch" }, "product_reference": "tomcat5-common-lib-0:5.5.28-7.1.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-0:5.5.28-7.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.1.ep5.el5.noarch" }, "product_reference": "tomcat5-jasper-0:5.5.28-7.1.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-eclipse-0:5.5.28-7.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.1.ep5.el5.noarch" }, "product_reference": "tomcat5-jasper-eclipse-0:5.5.28-7.1.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jasper-javadoc-0:5.5.28-7.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.1.ep5.el5.noarch" }, "product_reference": "tomcat5-jasper-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-0:5.5.28-7.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.1.ep5.el5.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-0:5.5.28-7.1.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch" }, "product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-parent-0:5.5.28-7.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.1.ep5.el5.noarch" }, "product_reference": "tomcat5-parent-0:5.5.28-7.1.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-server-lib-0:5.5.28-7.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.1.ep5.el5.noarch" }, "product_reference": "tomcat5-server-lib-0:5.5.28-7.1.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-0:5.5.28-7.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.1.ep5.el5.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-0:5.5.28-7.1.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch" }, "product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat5-webapps-0:5.5.28-7.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.1.ep5.el5.noarch" }, "product_reference": "tomcat5-webapps-0:5.5.28-7.1.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-0:6.0.24-2.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat6-0:6.0.24-2.1.ep5.el5.noarch" }, "product_reference": "tomcat6-0:6.0.24-2.1.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-0:6.0.24-2.1.ep5.el5.src as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat6-0:6.0.24-2.1.ep5.el5.src" }, "product_reference": "tomcat6-0:6.0.24-2.1.ep5.el5.src", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-admin-webapps-0:6.0.24-2.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.1.ep5.el5.noarch" }, "product_reference": "tomcat6-admin-webapps-0:6.0.24-2.1.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-docs-webapp-0:6.0.24-2.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.1.ep5.el5.noarch" }, "product_reference": "tomcat6-docs-webapp-0:6.0.24-2.1.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-el-1.0-api-0:6.0.24-2.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.1.ep5.el5.noarch" }, "product_reference": "tomcat6-el-1.0-api-0:6.0.24-2.1.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-javadoc-0:6.0.24-2.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.1.ep5.el5.noarch" }, "product_reference": "tomcat6-javadoc-0:6.0.24-2.1.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-jsp-2.1-api-0:6.0.24-2.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.1.ep5.el5.noarch" }, "product_reference": "tomcat6-jsp-2.1-api-0:6.0.24-2.1.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-lib-0:6.0.24-2.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.1.ep5.el5.noarch" }, "product_reference": "tomcat6-lib-0:6.0.24-2.1.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-log4j-0:6.0.24-2.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.1.ep5.el5.noarch" }, "product_reference": "tomcat6-log4j-0:6.0.24-2.1.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-servlet-2.5-api-0:6.0.24-2.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.1.ep5.el5.noarch" }, "product_reference": "tomcat6-servlet-2.5-api-0:6.0.24-2.1.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat6-webapps-0:6.0.24-2.1.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server", "product_id": "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.1.ep5.el5.noarch" }, "product_reference": "tomcat6-webapps-0:6.0.24-2.1.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWS-5.0.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-2693", "discovery_date": "2010-01-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "559738" } ], "notes": [ { "category": "description", "text": "Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: unexpected file deletion and/or alteration", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jboss-javaee-0:5.0.1-2.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:mod_jk-0:1.2.28-4.ep5.el4.src", "4AS-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.i386", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386", "4AS-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src", "4AS-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.src", "4ES-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jboss-javaee-0:5.0.1-2.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:mod_jk-0:1.2.28-4.ep5.el4.src", "4ES-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.i386", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386", "4ES-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src", "4ES-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.src", "5Server-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-3.ep5.el5.noarch", "5Server-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-3.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.src", "5Server-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.1.ep5.el5.src", "5Server-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3.1.ep5.el5.src", "5Server-JBEWS-5.0.0:mod_jk-0:1.2.28-4.1.ep5.el5.src", "5Server-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el5.noarch", "5Server-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.28-7.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.24-2.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.1.ep5.el5.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2693" }, { "category": "external", "summary": "RHBZ#559738", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=559738" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2693", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2693" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2693", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2693" } ], "release_date": "2010-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-02-23T20:20:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jboss-javaee-0:5.0.1-2.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:mod_jk-0:1.2.28-4.ep5.el4.src", "4AS-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.i386", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386", "4AS-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src", "4AS-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.src", "4ES-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jboss-javaee-0:5.0.1-2.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:mod_jk-0:1.2.28-4.ep5.el4.src", "4ES-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.i386", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386", "4ES-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src", "4ES-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.src", "5Server-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-3.ep5.el5.noarch", "5Server-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-3.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.src", "5Server-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.1.ep5.el5.src", "5Server-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3.1.ep5.el5.src", "5Server-JBEWS-5.0.0:mod_jk-0:1.2.28-4.1.ep5.el5.src", "5Server-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el5.noarch", "5Server-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.28-7.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.24-2.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.1.ep5.el5.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0119" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "4AS-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jboss-javaee-0:5.0.1-2.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:mod_jk-0:1.2.28-4.ep5.el4.src", "4AS-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.i386", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386", "4AS-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src", "4AS-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.src", "4ES-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jboss-javaee-0:5.0.1-2.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:mod_jk-0:1.2.28-4.ep5.el4.src", "4ES-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.i386", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386", "4ES-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src", "4ES-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.src", "5Server-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-3.ep5.el5.noarch", "5Server-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-3.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.src", "5Server-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.1.ep5.el5.src", "5Server-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3.1.ep5.el5.src", "5Server-JBEWS-5.0.0:mod_jk-0:1.2.28-4.1.ep5.el5.src", "5Server-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el5.noarch", "5Server-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.28-7.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.24-2.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.1.ep5.el5.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: unexpected file deletion and/or alteration" }, { "cve": "CVE-2009-2902", "discovery_date": "2010-01-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "559761" } ], "notes": [ { "category": "description", "text": "Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: unexpected file deletion in work directory", "title": "Vulnerability summary" }, { "category": "other", "text": "The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jboss-javaee-0:5.0.1-2.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:mod_jk-0:1.2.28-4.ep5.el4.src", "4AS-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.i386", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386", "4AS-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src", "4AS-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.src", "4ES-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jboss-javaee-0:5.0.1-2.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:mod_jk-0:1.2.28-4.ep5.el4.src", "4ES-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.i386", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386", "4ES-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src", "4ES-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.src", "5Server-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-3.ep5.el5.noarch", "5Server-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-3.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.src", "5Server-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.1.ep5.el5.src", "5Server-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3.1.ep5.el5.src", "5Server-JBEWS-5.0.0:mod_jk-0:1.2.28-4.1.ep5.el5.src", "5Server-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el5.noarch", "5Server-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.28-7.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.24-2.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.1.ep5.el5.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-2902" }, { "category": "external", "summary": "RHBZ#559761", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=559761" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-2902", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2902" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2902", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2902" } ], "release_date": "2010-01-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-02-23T20:20:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jboss-javaee-0:5.0.1-2.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:mod_jk-0:1.2.28-4.ep5.el4.src", "4AS-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.i386", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386", "4AS-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src", "4AS-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.src", "4ES-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jboss-javaee-0:5.0.1-2.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:mod_jk-0:1.2.28-4.ep5.el4.src", "4ES-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.i386", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386", "4ES-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src", "4ES-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.src", "5Server-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-3.ep5.el5.noarch", "5Server-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-3.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.src", "5Server-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.1.ep5.el5.src", "5Server-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3.1.ep5.el5.src", "5Server-JBEWS-5.0.0:mod_jk-0:1.2.28-4.1.ep5.el5.src", "5Server-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el5.noarch", "5Server-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.28-7.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.24-2.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.1.ep5.el5.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0119" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "4AS-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jboss-javaee-0:5.0.1-2.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:mod_jk-0:1.2.28-4.ep5.el4.src", "4AS-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.i386", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386", "4AS-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src", "4AS-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.src", "4ES-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jboss-javaee-0:5.0.1-2.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:mod_jk-0:1.2.28-4.ep5.el4.src", "4ES-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.i386", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386", "4ES-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src", "4ES-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.src", "5Server-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-3.ep5.el5.noarch", "5Server-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-3.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.src", "5Server-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.1.ep5.el5.src", "5Server-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3.1.ep5.el5.src", "5Server-JBEWS-5.0.0:mod_jk-0:1.2.28-4.1.ep5.el5.src", "5Server-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el5.noarch", "5Server-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.28-7.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.24-2.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.1.ep5.el5.noarch" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "tomcat: unexpected file deletion in work directory" }, { "cve": "CVE-2009-3555", "cwe": { "id": "CWE-300", "name": "Channel Accessible by Non-Endpoint" }, "discovery_date": "2009-10-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "533125" } ], "notes": [ { "category": "description", "text": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "TLS: MITM attacks via session renegotiation", "title": "Vulnerability summary" }, { "category": "other", "text": "Additional information can be found in the Red Hat Knowledgebase article:\nhttps://access.redhat.com/articles/20490", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jboss-javaee-0:5.0.1-2.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:mod_jk-0:1.2.28-4.ep5.el4.src", "4AS-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.i386", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386", "4AS-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src", "4AS-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.src", "4ES-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jboss-javaee-0:5.0.1-2.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:mod_jk-0:1.2.28-4.ep5.el4.src", "4ES-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.i386", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386", "4ES-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src", "4ES-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.src", "5Server-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-3.ep5.el5.noarch", "5Server-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-3.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.src", "5Server-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.1.ep5.el5.src", "5Server-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3.1.ep5.el5.src", "5Server-JBEWS-5.0.0:mod_jk-0:1.2.28-4.1.ep5.el5.src", "5Server-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el5.noarch", "5Server-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.28-7.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.24-2.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.1.ep5.el5.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3555" }, { "category": "external", "summary": "RHBZ#533125", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3555", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555" } ], "release_date": "2009-11-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-02-23T20:20:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jboss-javaee-0:5.0.1-2.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:mod_jk-0:1.2.28-4.ep5.el4.src", "4AS-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.i386", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386", "4AS-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src", "4AS-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.src", "4ES-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jboss-javaee-0:5.0.1-2.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:mod_jk-0:1.2.28-4.ep5.el4.src", "4ES-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.i386", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386", "4ES-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src", "4ES-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.src", "5Server-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-3.ep5.el5.noarch", "5Server-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-3.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.src", "5Server-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.1.ep5.el5.src", "5Server-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3.1.ep5.el5.src", "5Server-JBEWS-5.0.0:mod_jk-0:1.2.28-4.1.ep5.el5.src", "5Server-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el5.noarch", "5Server-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.28-7.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.24-2.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.1.ep5.el5.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0119" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "4AS-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jboss-javaee-0:5.0.1-2.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:mod_jk-0:1.2.28-4.ep5.el4.src", "4AS-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.i386", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386", "4AS-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src", "4AS-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.src", "4ES-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jboss-javaee-0:5.0.1-2.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:mod_jk-0:1.2.28-4.ep5.el4.src", "4ES-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.i386", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386", "4ES-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src", "4ES-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.src", "5Server-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-3.ep5.el5.noarch", "5Server-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-3.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.src", "5Server-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.1.ep5.el5.src", "5Server-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3.1.ep5.el5.src", "5Server-JBEWS-5.0.0:mod_jk-0:1.2.28-4.1.ep5.el5.src", "5Server-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el5.noarch", "5Server-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.28-7.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.24-2.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.1.ep5.el5.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "TLS: MITM attacks via session renegotiation" }, { "cve": "CVE-2010-2086", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2010-05-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "598164" } ], "notes": [ { "category": "description", "text": "Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.", "title": "Vulnerability description" }, { "category": "summary", "text": "MyFaces: XSS via state view", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jboss-javaee-0:5.0.1-2.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:mod_jk-0:1.2.28-4.ep5.el4.src", "4AS-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.i386", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386", "4AS-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src", "4AS-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.src", "4ES-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jboss-javaee-0:5.0.1-2.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:mod_jk-0:1.2.28-4.ep5.el4.src", "4ES-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.i386", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386", "4ES-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src", "4ES-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.src", "5Server-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-3.ep5.el5.noarch", "5Server-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-3.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.src", "5Server-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.1.ep5.el5.src", "5Server-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3.1.ep5.el5.src", "5Server-JBEWS-5.0.0:mod_jk-0:1.2.28-4.1.ep5.el5.src", "5Server-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el5.noarch", "5Server-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.28-7.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.24-2.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.1.ep5.el5.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2010-2086" }, { "category": "external", "summary": "RHBZ#598164", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598164" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2010-2086", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2086" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-2086", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2086" } ], "release_date": "2010-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-02-23T20:20:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jboss-javaee-0:5.0.1-2.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:mod_jk-0:1.2.28-4.ep5.el4.src", "4AS-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.i386", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386", "4AS-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src", "4AS-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.src", "4ES-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jboss-javaee-0:5.0.1-2.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:mod_jk-0:1.2.28-4.ep5.el4.src", "4ES-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.i386", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386", "4ES-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src", "4ES-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.src", "5Server-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-3.ep5.el5.noarch", "5Server-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-3.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.src", "5Server-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.1.ep5.el5.src", "5Server-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3.1.ep5.el5.src", "5Server-JBEWS-5.0.0:mod_jk-0:1.2.28-4.1.ep5.el5.src", "5Server-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el5.noarch", "5Server-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.28-7.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.24-2.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.1.ep5.el5.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0119" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "4AS-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.src", "4AS-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src", "4AS-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jboss-javaee-0:5.0.1-2.3.ep5.el4.src", "4AS-JBEWS-5.0.0:jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch", "4AS-JBEWS-5.0.0:mod_jk-0:1.2.28-4.ep5.el4.src", "4AS-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.i386", "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.i386", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386", "4AS-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.src", "4AS-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src", "4AS-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch", "4AS-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.src", "4ES-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-2.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.src", "4ES-JBEWS-5.0.0:httpd22-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:httpd22-manual-0:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-digester-0:1.8.1-7.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-modeler-0:2.0-3.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-commons-validator-0:1.3.1-7.4.ep5.el4.src", "4ES-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3jpp.ep1.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jboss-javaee-0:5.0.1-2.3.ep5.el4.src", "4ES-JBEWS-5.0.0:jboss-javaee-poms-0:5.0.1-2.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:jboss-transaction-1.0.1-api-0:5.0.1-2.3.ep5.el4.noarch", "4ES-JBEWS-5.0.0:mod_jk-0:1.2.28-4.ep5.el4.src", "4ES-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-debuginfo-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.i386", "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.14-4.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.i386", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.i386", "4ES-JBEWS-5.0.0:tomcat-native-debuginfo-0:1.1.19-2.0.ep5.el4.x86_64", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-0:5.5.28-7.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-0:6.0.24-2.ep5.el4.src", "4ES-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xerces-j2-0:2.9.1-2.2_patch_01.ep5.el4.src", "4ES-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.noarch", "4ES-JBEWS-5.0.0:xml-commons-resolver12-1:1.2-1.1.ep5.el4.src", "5Server-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-3.ep5.el5.noarch", "5Server-JBEWS-5.0.0:glassfish-jsf-0:1.2_13-3.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.src", "5Server-JBEWS-5.0.0:httpd-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-commons-chain-0:1.2-2.1.1.ep5.el5.src", "5Server-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-commons-io-0:1.4-1.1.ep5.el5.src", "5Server-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:jakarta-oro-0:2.0.8-3.1.ep5.el5.src", "5Server-JBEWS-5.0.0:mod_jk-0:1.2.28-4.1.ep5.el5.src", "5Server-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_jk-ap20-0:1.2.28-4.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_jk-manual-0:1.2.28-4.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.14-1.2.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.14-1.2.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el5.noarch", "5Server-JBEWS-5.0.0:struts12-0:1.2.9-2.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.i386", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat-native-0:1.1.19-2.0.1.ep5.el5.x86_64", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-0:5.5.28-7.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat5-admin-webapps-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-common-lib-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-eclipse-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jasper-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-jsp-2.0-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-parent-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-server-lib-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-servlet-2.4-api-javadoc-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat5-webapps-0:5.5.28-7.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-0:6.0.24-2.1.ep5.el5.src", "5Server-JBEWS-5.0.0:tomcat6-admin-webapps-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-docs-webapp-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-el-1.0-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-javadoc-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-jsp-2.1-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-lib-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-log4j-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-servlet-2.5-api-0:6.0.24-2.1.ep5.el5.noarch", "5Server-JBEWS-5.0.0:tomcat6-webapps-0:6.0.24-2.1.ep5.el5.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "MyFaces: XSS via state view" } ] }
ghsa-ggx9-4728-588r
Vulnerability from github
Published
2022-05-02 03:37
Modified
2024-02-21 16:44
Summary
Apache Tomcat Directory Traversal vulnerability
Details
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a ..
(dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat
entry.
{ "affected": [ { "database_specific": { "last_known_affected_version_range": "\u003c= 5.5.28" }, "package": { "ecosystem": "Maven", "name": "org.apache.tomcat:tomcat" }, "ranges": [ { "events": [ { "introduced": "5.5.0" }, { "fixed": "5.5.29" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Maven", "name": "org.apache.tomcat:tomcat" }, "ranges": [ { "events": [ { "introduced": "6.0.0" }, { "fixed": "6.0.24" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2009-2693" ], "database_specific": { "cwe_ids": [ "CWE-22" ], "github_reviewed": true, "github_reviewed_at": "2024-02-08T21:29:22Z", "nvd_published_at": "2010-01-28T20:30:00Z", "severity": "MODERATE" }, "details": "Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a `..` (dot dot) in an entry in a WAR file, as demonstrated by a `../../bin/catalina.bat` entry.", "id": "GHSA-ggx9-4728-588r", "modified": "2024-02-21T16:44:38Z", "published": "2022-05-02T03:37:48Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2693" }, { "type": "WEB", "url": "https://github.com/apache/tomcat/commit/3e1010b1a2f648581fac3d68afbf18f2979f6bf6" }, { "type": "WEB", "url": "https://github.com/apache/tomcat55/commit/0299cb724ea71f304d54adfcdb950f59b01fb421" }, { "type": "WEB", "url": "https://web.archive.org/web/20201206235536/http://www.securityfocus.com/archive/1/509148/100/0/threaded" }, { "type": "WEB", "url": "https://web.archive.org/web/20200516121700/http://www.securityfocus.com/archive/1/516397/100/0/threaded" }, { "type": "WEB", "url": "https://web.archive.org/web/20200229071135/http://www.securityfocus.com/bid/37944" }, { "type": "WEB", "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=c02241113" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7017" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:19355" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E" }, { "type": "PACKAGE", "url": "https://github.com/apache/tomcat" }, { "type": "WEB", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55855" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2010:0582" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2010:0580" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2010:0119" }, { "type": "WEB", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=127420533226623\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2" }, { "type": "WEB", "url": "http://support.apple.com/kb/HT4077" }, { "type": "WEB", "url": "http://svn.apache.org/viewvc?rev=892815\u0026view=rev" }, { "type": "WEB", "url": "http://svn.apache.org/viewvc?rev=902650\u0026view=rev" }, { "type": "WEB", "url": "http://tomcat.apache.org/security-5.html" }, { "type": "WEB", "url": "http://tomcat.apache.org/security-6.html" }, { "type": "WEB", "url": "http://ubuntu.com/usn/usn-899-1" }, { "type": "WEB", "url": "http://www.debian.org/security/2011/dsa-2207" }, { "type": "WEB", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176" }, { "type": "WEB", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:177" }, { "type": "WEB", "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" }, { "type": "WEB", "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" } ], "schema_version": "1.4.0", "severity": [], "summary": "Apache Tomcat Directory Traversal vulnerability" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.